RANGER-702: optimize policy download performance
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/e7d18115 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/e7d18115 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/e7d18115 Branch: refs/heads/ranger-0.5 Commit: e7d18115c903cac57bc599bf77587ede1f7e90bf Parents: 4ce6953 Author: Madhan Neethiraj <[email protected]> Authored: Wed Nov 11 10:27:24 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Wed Nov 11 10:27:24 2015 -0800 ---------------------------------------------------------------------- .../ranger/plugin/util/RangerPerfTracer.java | 80 ++ .../ranger/biz/RangerPolicyRetriever.java | 658 +++++++++++++++ .../org/apache/ranger/biz/ServiceDBStore.java | 20 +- .../apache/ranger/db/XXPolicyItemAccessDao.java | 26 + .../ranger/db/XXPolicyItemConditionDao.java | 26 + .../org/apache/ranger/db/XXPolicyItemDao.java | 16 + .../ranger/db/XXPolicyItemGroupPermDao.java | 25 + .../ranger/db/XXPolicyItemUserPermDao.java | 25 + .../apache/ranger/db/XXPolicyResourceDao.java | 13 + .../ranger/db/XXPolicyResourceMapDao.java | 25 + .../org/apache/ranger/rest/ServiceREST.java | 247 +++++- .../ranger/service/RangerBaseModelService.java | 133 ++- .../ranger/service/RangerPolicyService.java | 11 +- .../ranger/service/RangerPolicyServiceBase.java | 104 --- .../RangerPolicyWithAssignedIdService.java | 13 +- .../resources/META-INF/jpa_named_queries.xml | 104 ++- .../src/main/webapp/WEB-INF/log4j.xml | 16 + .../ranger/service/TestRangerPolicyService.java | 813 ------------------- 18 files changed, 1352 insertions(+), 1003 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java new file mode 100644 index 0000000..fc84bcd --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/RangerPerfTracer.java @@ -0,0 +1,80 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.plugin.util; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.commons.lang.StringUtils; + +public class RangerPerfTracer { + private final Log logger; + private final String tag; + private final long startTimeMs; + + public static Log getPerfLogger(String name) { + return LogFactory.getLog("ranger.perf." + name); + } + + public static Log getPerfLogger(Class<?> cls) { + return RangerPerfTracer.getPerfLogger(cls.getName()); + } + + public static boolean isPerfTraceEnabled(Log logger) { + return logger.isInfoEnabled(); + } + + public static RangerPerfTracer getPerfTracer(Log logger, String tag) { + return logger.isInfoEnabled() ? new RangerPerfTracer(logger, tag) : null; + } + + public static RangerPerfTracer getPerfTracer(Log logger, Object... tagParts) { + return logger.isInfoEnabled() ? new RangerPerfTracer(logger, StringUtils.join(tagParts)) : null; + } + + public static void log(RangerPerfTracer tracer) { + if(tracer != null) { + tracer.log(); + } + } + + public RangerPerfTracer(Log logger, String tag) { + this.logger = logger; + this.tag = tag; + startTimeMs = System.currentTimeMillis(); + } + + public final String getTag() { + return tag; + } + + public final long getStartTime() { + return startTimeMs; + } + + public final long getElapsedTime() { + return System.currentTimeMillis() - startTimeMs; + } + + public void log() { + if(logger.isInfoEnabled()) { + logger.info("[PERF] " + tag + ": " + getElapsedTime()); + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java new file mode 100644 index 0000000..2415df7 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerPolicyRetriever.java @@ -0,0 +1,658 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.biz; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.ListIterator; +import java.util.Map; + +import org.apache.commons.collections.CollectionUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.apache.ranger.authorization.utils.StringUtil; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessTypeDef; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPolicy; +import org.apache.ranger.entity.XXPolicyConditionDef; +import org.apache.ranger.entity.XXPolicyItem; +import org.apache.ranger.entity.XXPolicyItemAccess; +import org.apache.ranger.entity.XXPolicyItemCondition; +import org.apache.ranger.entity.XXPolicyItemGroupPerm; +import org.apache.ranger.entity.XXPolicyItemUserPerm; +import org.apache.ranger.entity.XXPolicyResource; +import org.apache.ranger.entity.XXPolicyResourceMap; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXResourceDef; +import org.apache.ranger.entity.XXService; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; +import org.apache.ranger.plugin.util.RangerPerfTracer; + + +public class RangerPolicyRetriever { + static final Log LOG = LogFactory.getLog(RangerPolicyRetriever.class); + static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("db.RangerPolicyRetriever"); + + final RangerDaoManager daoMgr; + final LookupCache lookupCache; + + public RangerPolicyRetriever(RangerDaoManager daoMgr) { + this.daoMgr = daoMgr; + this.lookupCache = new LookupCache(); + } + + public List<RangerPolicy> getServicePolicies(Long serviceId) { + List<RangerPolicy> ret = null; + + if(serviceId != null) { + XXService xService = getXXService(serviceId); + + if(xService != null) { + ret = getServicePolicies(xService); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getServicePolicies(serviceId=" + serviceId + "): service not found"); + } + } + } + + return ret; + } + + public List<RangerPolicy> getServicePolicies(String serviceName) { + List<RangerPolicy> ret = null; + + if(serviceName != null) { + XXService xService = getXXService(serviceName); + + if(xService != null) { + ret = getServicePolicies(xService); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + "): service not found"); + } + } + } + + return ret; + } + + public List<RangerPolicy> getServicePolicies(XXService xService) { + String serviceName = xService == null ? null : xService.getName(); + Long serviceId = xService == null ? null : xService.getId(); + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + ", serviceId=" + serviceId + ")"); + } + + List<RangerPolicy> ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + ", serviceId=" + serviceId + ")"); + } + + if(xService != null) { + RetrieverContext ctx = new RetrieverContext(xService); + + ret = ctx.getAllPolicies(); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getServicePolicies(xService=" + xService + "): invalid parameter"); + } + } + + RangerPerfTracer.log(perf); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyRetriever.getServicePolicies(serviceName=" + serviceName + ", serviceId=" + serviceId + "): policyCount=" + (ret == null ? 0 : ret.size())); + } + + return ret; + } + + public RangerPolicy getPolicy(Long policyId) { + RangerPolicy ret = null; + + if(policyId != null) { + XXPolicy xPolicy = getXXPolicy(policyId); + + if(xPolicy != null) { + ret = getPolicy(xPolicy); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getPolicy(policyId=" + policyId + "): policy not found"); + } + } + + } + + return ret; + } + + public RangerPolicy getPolicy(XXPolicy xPolicy) { + RangerPolicy ret = null; + + if(xPolicy != null) { + XXService xService = getXXService(xPolicy.getService()); + + if(xService != null) { + ret = getPolicy(xPolicy, xService); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getPolicy(policyId=" + xPolicy.getId() + "): service not found (serviceId=" + xPolicy.getService() + ")"); + } + } + } + + return ret; + } + + public RangerPolicy getPolicy(XXPolicy xPolicy, XXService xService) { + Long policyId = xPolicy == null ? null : xPolicy.getId(); + + if(LOG.isDebugEnabled()) { + LOG.debug("==> RangerPolicyRetriever.getPolicy(" + policyId + ")"); + } + + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "RangerPolicyRetriever.getPolicy(policyId=" + policyId + ")"); + } + + if(xPolicy != null && xService != null) { + RetrieverContext ctx = new RetrieverContext(xPolicy, xService); + + ret = ctx.getNextPolicy(); + } else { + if(LOG.isDebugEnabled()) { + LOG.debug("RangerPolicyRetriever.getPolicy(xPolicy=" + xPolicy + ", xService=" + xService + "): invalid parameter(s)"); + } + } + + RangerPerfTracer.log(perf); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== RangerPolicyRetriever.getPolicy(" + policyId + "): " + ret); + } + + return ret; + } + + private XXService getXXService(Long serviceId) { + XXService ret = null; + + if(serviceId != null) { + ret = daoMgr.getXXService().getById(serviceId); + } + + return ret; + } + + private XXService getXXService(String serviceName) { + XXService ret = null; + + if(serviceName != null) { + ret = daoMgr.getXXService().findByName(serviceName); + } + + return ret; + } + + private XXPolicy getXXPolicy(Long policyId) { + XXPolicy ret = null; + + if(policyId != null) { + ret = daoMgr.getXXPolicy().getById(policyId); + } + + return ret; + } + + class LookupCache { + final Map<Long, String> userNames = new HashMap<Long, String>(); + final Map<Long, String> userScreenNames = new HashMap<Long, String>(); + final Map<Long, String> groupNames = new HashMap<Long, String>(); + final Map<Long, String> accessTypes = new HashMap<Long, String>(); + final Map<Long, String> conditions = new HashMap<Long, String>(); + final Map<Long, String> resourceDefs = new HashMap<Long, String>(); + + String getUserName(Long userId) { + String ret = null; + + if(userId != null) { + ret = userNames.get(userId); + + if(ret == null) { + XXPortalUser user = daoMgr.getXXPortalUser().getById(userId); + + if(user != null) { + ret = user.getLoginId(); + + userNames.put(userId, ret); + } + } + } + + return ret; + } + + String getUserScreenName(Long userId) { + String ret = null; + + if(userId != null) { + ret = userScreenNames.get(userId); + + if(ret == null) { + XXPortalUser user = daoMgr.getXXPortalUser().getById(userId); + + if(user != null) { + ret = user.getPublicScreenName(); + + if (StringUtil.isEmpty(ret)) { + ret = user.getFirstName(); + + if(StringUtil.isEmpty(ret)) { + ret = user.getLoginId(); + } else { + if(!StringUtil.isEmpty(user.getLastName())) { + ret += (" " + user.getLastName()); + } + } + } + + if(ret != null) { + userScreenNames.put(userId, ret); + } + } + } + } + + return ret; + } + + String getGroupName(Long groupId) { + String ret = null; + + if(groupId != null) { + ret = groupNames.get(groupId); + + if(ret == null) { + XXGroup group = daoMgr.getXXGroup().getById(groupId); + + if(group != null) { + ret = group.getName(); + + groupNames.put(groupId, ret); + } + } + } + + return ret; + } + + String getAccessType(Long accessTypeId) { + String ret = null; + + if(accessTypeId != null) { + ret = accessTypes.get(accessTypeId); + + if(ret == null) { + XXAccessTypeDef xAccessType = daoMgr.getXXAccessTypeDef().getById(accessTypeId); + + if(xAccessType != null) { + ret = xAccessType.getName(); + + accessTypes.put(accessTypeId, ret); + } + } + } + + return ret; + } + + String getConditionType(Long conditionDefId) { + String ret = null; + + if(conditionDefId != null) { + ret = conditions.get(conditionDefId); + + if(ret == null) { + XXPolicyConditionDef xPolicyConditionDef = daoMgr.getXXPolicyConditionDef().getById(conditionDefId); + + if(xPolicyConditionDef != null) { + ret = xPolicyConditionDef.getName(); + + conditions.put(conditionDefId, ret); + } + } + } + + return ret; + } + + String getResourceName(Long resourceDefId) { + String ret = null; + + if(resourceDefId != null) { + ret = resourceDefs.get(resourceDefId); + + if(ret == null) { + XXResourceDef xResourceDef = daoMgr.getXXResourceDef().getById(resourceDefId); + + if(xResourceDef != null) { + ret = xResourceDef.getName(); + + resourceDefs.put(resourceDefId, ret); + } + } + } + + return ret; + } + } + + static List<XXPolicy> asList(XXPolicy policy) { + List<XXPolicy> ret = new ArrayList<XXPolicy>(); + + if(policy != null) { + ret.add(policy); + } + + return ret; + } + + class RetrieverContext { + final XXService service; + final ListIterator<XXPolicy> iterPolicy; + final ListIterator<XXPolicyResource> iterResources; + final ListIterator<XXPolicyResourceMap> iterResourceMaps; + final ListIterator<XXPolicyItem> iterPolicyItems; + final ListIterator<XXPolicyItemUserPerm> iterUserPerms; + final ListIterator<XXPolicyItemGroupPerm> iterGroupPerms; + final ListIterator<XXPolicyItemAccess> iterAccesses; + final ListIterator<XXPolicyItemCondition> iterConditions; + + RetrieverContext(XXService xService) { + Long serviceId = xService == null ? null : xService.getId(); + + List<XXPolicy> xPolicies = daoMgr.getXXPolicy().findByServiceId(serviceId); + List<XXPolicyResource> xResources = daoMgr.getXXPolicyResource().findByServiceId(serviceId); + List<XXPolicyResourceMap> xResourceMaps = daoMgr.getXXPolicyResourceMap().findByServiceId(serviceId); + List<XXPolicyItem> xPolicyItems = daoMgr.getXXPolicyItem().findByServiceId(serviceId); + List<XXPolicyItemUserPerm> xUserPerms = daoMgr.getXXPolicyItemUserPerm().findByServiceId(serviceId); + List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByServiceId(serviceId); + List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByServiceId(serviceId); + List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByServiceId(serviceId); + + this.service = xService; + this.iterPolicy = xPolicies.listIterator(); + this.iterResources = xResources.listIterator(); + this.iterResourceMaps = xResourceMaps.listIterator(); + this.iterPolicyItems = xPolicyItems.listIterator(); + this.iterUserPerms = xUserPerms.listIterator(); + this.iterGroupPerms = xGroupPerms.listIterator(); + this.iterAccesses = xAccesses.listIterator(); + this.iterConditions = xConditions.listIterator(); + } + + RetrieverContext(XXPolicy xPolicy) { + this(xPolicy, getXXService(xPolicy.getService())); + } + + RetrieverContext(XXPolicy xPolicy, XXService xService) { + Long policyId = xPolicy == null ? null : xPolicy.getId(); + + List<XXPolicy> xPolicies = asList(xPolicy); + List<XXPolicyResource> xResources = daoMgr.getXXPolicyResource().findByPolicyId(policyId); + List<XXPolicyResourceMap> xResourceMaps = daoMgr.getXXPolicyResourceMap().findByPolicyId(policyId); + List<XXPolicyItem> xPolicyItems = daoMgr.getXXPolicyItem().findByPolicyId(policyId); + List<XXPolicyItemUserPerm> xUserPerms = daoMgr.getXXPolicyItemUserPerm().findByPolicyId(policyId); + List<XXPolicyItemGroupPerm> xGroupPerms = daoMgr.getXXPolicyItemGroupPerm().findByPolicyId(policyId); + List<XXPolicyItemAccess> xAccesses = daoMgr.getXXPolicyItemAccess().findByPolicyId(policyId); + List<XXPolicyItemCondition> xConditions = daoMgr.getXXPolicyItemCondition().findByPolicyId(policyId); + + this.service = xService; + this.iterPolicy = xPolicies.listIterator(); + this.iterResources = xResources.listIterator(); + this.iterResourceMaps = xResourceMaps.listIterator(); + this.iterPolicyItems = xPolicyItems.listIterator(); + this.iterUserPerms = xUserPerms.listIterator(); + this.iterGroupPerms = xGroupPerms.listIterator(); + this.iterAccesses = xAccesses.listIterator(); + this.iterConditions = xConditions.listIterator(); + } + + RangerPolicy getNextPolicy() { + RangerPolicy ret = null; + + if(iterPolicy.hasNext()) { + XXPolicy xPolicy = iterPolicy.next(); + + if(xPolicy != null) { + ret = new RangerPolicy(); + + ret.setId(xPolicy.getId()); + ret.setGuid(xPolicy.getGuid()); + ret.setIsEnabled(xPolicy.getIsEnabled()); + ret.setCreatedBy(lookupCache.getUserScreenName(xPolicy.getAddedByUserId())); + ret.setUpdatedBy(lookupCache.getUserScreenName(xPolicy.getUpdatedByUserId())); + ret.setCreateTime(xPolicy.getCreateTime()); + ret.setUpdateTime(xPolicy.getUpdateTime()); + ret.setVersion(xPolicy.getVersion()); + ret.setService(service == null ? null : service.getName()); + ret.setName(xPolicy.getName()); + ret.setPolicyType(xPolicy.getPolicyType()); + ret.setDescription(xPolicy.getDescription()); + ret.setResourceSignature(xPolicy.getResourceSignature()); + ret.setIsAuditEnabled(xPolicy.getIsAuditEnabled()); + + getResource(ret); + getPolicyItems(ret); + } + } + + return ret; + } + + List<RangerPolicy> getAllPolicies() { + List<RangerPolicy> ret = new ArrayList<RangerPolicy>(); + + while(iterPolicy.hasNext()) { + RangerPolicy policy = getNextPolicy(); + + if(policy != null) { + ret.add(policy); + } + } + + if(! hasProcessedAll()) { + LOG.warn("getAllPolicies(): perhaps one or more policies got updated during retrieval. Falling back to secondary method"); + + ret = getAllPoliciesBySecondary(); + } + + return ret; + } + + List<RangerPolicy> getAllPoliciesBySecondary() { + List<RangerPolicy> ret = null; + + if(service != null) { + List<XXPolicy> xPolicies = daoMgr.getXXPolicy().findByServiceId(service.getId()); + + if(CollectionUtils.isNotEmpty(xPolicies)) { + ret = new ArrayList<RangerPolicy>(xPolicies.size()); + + for(XXPolicy xPolicy : xPolicies) { + RetrieverContext ctx = new RetrieverContext(xPolicy, service); + + RangerPolicy policy = ctx.getNextPolicy(); + + if(policy != null) { + ret.add(policy); + } + } + } + } + + return ret; + } + + private boolean hasProcessedAll() { + boolean moreToProcess = iterPolicy.hasNext() + || iterResources.hasNext() + || iterResourceMaps.hasNext() + || iterPolicyItems.hasNext() + || iterUserPerms.hasNext() + || iterGroupPerms.hasNext() + || iterAccesses.hasNext() + || iterConditions.hasNext(); + + return !moreToProcess; + } + + private void getResource(RangerPolicy policy) { + while(iterResources.hasNext()) { + XXPolicyResource xResource = iterResources.next(); + + if(xResource.getPolicyid().equals(policy.getId())) { + RangerPolicyResource resource = new RangerPolicyResource(); + + resource.setIsExcludes(xResource.getIsexcludes()); + resource.setIsRecursive(xResource.getIsrecursive()); + + while(iterResourceMaps.hasNext()) { + XXPolicyResourceMap xResourceMap = iterResourceMaps.next(); + + if(xResourceMap.getResourceid().equals(xResource.getId())) { + resource.getValues().add(xResourceMap.getValue()); + } else { + if(iterResourceMaps.hasPrevious()) { + iterResourceMaps.previous(); + } + break; + } + } + + policy.getResources().put(lookupCache.getResourceName(xResource.getResdefid()), resource); + } else if(xResource.getPolicyid().compareTo(policy.getId()) > 0) { + if(iterResources.hasPrevious()) { + iterResources.previous(); + } + break; + } + } + } + + private void getPolicyItems(RangerPolicy policy) { + while(iterPolicyItems.hasNext()) { + XXPolicyItem xPolicyItem = iterPolicyItems.next(); + + if(xPolicyItem.getPolicyid().equals(policy.getId())) { + RangerPolicyItem policyItem = new RangerPolicyItem(); + + policyItem.setDelegateAdmin(xPolicyItem.getDelegateAdmin()); + + while(iterUserPerms.hasNext()) { + XXPolicyItemUserPerm xUserPerm = iterUserPerms.next(); + + if(xUserPerm.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getUsers().add(lookupCache.getUserName(xUserPerm.getUserid())); + } else { + if(iterUserPerms.hasPrevious()) { + iterUserPerms.previous(); + } + break; + } + } + + while(iterGroupPerms.hasNext()) { + XXPolicyItemGroupPerm xGroupPerm = iterGroupPerms.next(); + + if(xGroupPerm.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getGroups().add(lookupCache.getGroupName(xGroupPerm.getGroupid())); + } else { + if(iterGroupPerms.hasPrevious()) { + iterGroupPerms.previous(); + } + break; + } + } + + while(iterAccesses.hasNext()) { + XXPolicyItemAccess xAccess = iterAccesses.next(); + + if(xAccess.getPolicyitemid().equals(xPolicyItem.getId())) { + policyItem.getAccesses().add(new RangerPolicyItemAccess(lookupCache.getAccessType(xAccess.getType()), xAccess.getIsallowed())); + } else { + if(iterAccesses.hasPrevious()) { + iterAccesses.previous(); + } + break; + } + } + + RangerPolicyItemCondition condition = null; + Long prevConditionType = null; + while(iterConditions.hasNext()) { + XXPolicyItemCondition xCondition = iterConditions.next(); + + if(xCondition.getPolicyitemid().equals(xPolicyItem.getId())) { + if(! xCondition.getType().equals(prevConditionType)) { + condition = new RangerPolicyItemCondition(); + condition.setType(lookupCache.getConditionType(xCondition.getType())); + condition.getValues().add(xCondition.getValue()); + + policyItem.getConditions().add(condition); + + prevConditionType = xCondition.getType(); + } else { + condition.getValues().add(xCondition.getValue()); + } + } else { + if(iterConditions.hasPrevious()) { + iterConditions.previous(); + } + break; + } + } + + policy.getPolicyItems().add(policyItem); + } else if(xPolicyItem.getPolicyid().compareTo(policy.getId()) > 0) { + if(iterPolicyItems.hasPrevious()) { + iterPolicyItems.previous(); + } + break; + } + } + } + } +} + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index dad652d..97b6846 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -181,6 +181,7 @@ public class ServiceDBStore implements ServiceStore { @Autowired RangerFactory factory; + private static volatile boolean legacyServiceDefsInitDone = false; private Boolean populateExistingBaseFields = false; @@ -1558,6 +1559,23 @@ public class ServiceDBStore implements ServiceStore { return ret; } + private List<RangerPolicy> getServicePolicies(XXService service) throws Exception { + if(LOG.isDebugEnabled()) { + LOG.debug("==> ServiceDBStore.getServicePolicies(" + service.getName() + ")"); + } + + RangerPolicyRetriever policyRetriever = new RangerPolicyRetriever(daoMgr); + + List<RangerPolicy> ret = policyRetriever.getServicePolicies(service); + + if(LOG.isDebugEnabled()) { + LOG.debug("<== ServiceDBStore.getServicePolicies(" + service.getName() + "): count=" + ((ret == null) ? 0 : ret.size())); + } + + return ret; + } + + public RangerPolicyList getPaginatedServicePolicies(Long serviceId, SearchFilter filter) throws Exception { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceDBStore.getPaginatedServicePolicies(" + serviceId + ")"); @@ -1640,7 +1658,7 @@ public class ServiceDBStore implements ServiceStore { throw new Exception("service-def does not exist. id=" + serviceDbObj.getType()); } - List<RangerPolicy> policies = getServicePolicies(serviceName, null); + List<RangerPolicy> policies = getServicePolicies(serviceDbObj); ret = new ServicePolicies(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java index d9952e0..de37e10 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemAccessDao.java @@ -44,6 +44,32 @@ public class XXPolicyItemAccessDao extends BaseDao<XXPolicyItemAccess> { } } + public List<XXPolicyItemAccess> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemAccess>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemAccess.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemAccess>(); + } + } + + public List<XXPolicyItemAccess> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemAccess>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemAccess.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemAccess>(); + } + } + public List<XXPolicyItemAccess> findByType(Long type) { if (type == null) { return new ArrayList<XXPolicyItemAccess>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java index 4ed59f1..11596ef 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemConditionDao.java @@ -44,6 +44,32 @@ public class XXPolicyItemConditionDao extends BaseDao<XXPolicyItemCondition> { } } + public List<XXPolicyItemCondition> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemCondition>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemCondition.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemCondition>(); + } + } + + public List<XXPolicyItemCondition> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemCondition>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemCondition.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemCondition>(); + } + } + public List<XXPolicyItemCondition> findByPolicyItemAndDefId(Long polItemId, Long polCondDefId) { if(polItemId == null || polCondDefId == null) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java index 9c3fe2e..5677173 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemDao.java @@ -53,4 +53,20 @@ public class XXPolicyItemDao extends BaseDao<XXPolicyItem> { } } + public List<XXPolicyItem> findByServiceId(Long serviceId) { + if (serviceId == null) { + return new ArrayList<XXPolicyItem>(); + } + try { + List<XXPolicyItem> returnList = getEntityManager() + .createNamedQuery("XXPolicyItem.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + if (returnList == null) { + return new ArrayList<XXPolicyItem>(); + } + return returnList; + } catch (NoResultException e) { + return new ArrayList<XXPolicyItem>(); + } + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java index fe0c806..8c05699 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemGroupPermDao.java @@ -44,4 +44,29 @@ public class XXPolicyItemGroupPermDao extends BaseDao<XXPolicyItemGroupPerm> { } } + public List<XXPolicyItemGroupPerm> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemGroupPerm.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + } + + public List<XXPolicyItemGroupPerm> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemGroupPerm.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemGroupPerm>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java index d8235bc..40a0da1 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyItemUserPermDao.java @@ -44,4 +44,29 @@ public class XXPolicyItemUserPermDao extends BaseDao<XXPolicyItemUserPerm> { } } + public List<XXPolicyItemUserPerm> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemUserPerm.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + } + + public List<XXPolicyItemUserPerm> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyItemUserPerm.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyItemUserPerm>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java index 0cdb75e..4b04b96 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceDao.java @@ -58,6 +58,19 @@ public class XXPolicyResourceDao extends BaseDao<XXPolicyResource> { } } + public List<XXPolicyResource> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyResource>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyResource.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyResource>(); + } + } + public List<XXPolicyResource> findByResDefId(Long resDefId) { if (resDefId == null) { return new ArrayList<XXPolicyResource>(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java index ecf4da0..7065737 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyResourceMapDao.java @@ -44,4 +44,29 @@ public class XXPolicyResourceMapDao extends BaseDao<XXPolicyResourceMap> { } } + public List<XXPolicyResourceMap> findByPolicyId(Long policyId) { + if(policyId == null) { + return new ArrayList<XXPolicyResourceMap>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyResourceMap.findByPolicyId", tClass) + .setParameter("policyId", policyId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyResourceMap>(); + } + } + + public List<XXPolicyResourceMap> findByServiceId(Long serviceId) { + if(serviceId == null) { + return new ArrayList<XXPolicyResourceMap>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicyResourceMap.findByServiceId", tClass) + .setParameter("serviceId", serviceId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicyResourceMap>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 5371897..7718078 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -79,6 +79,7 @@ import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator; import org.apache.ranger.plugin.service.ResourceLookupContext; import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.GrantRevokeRequest; +import org.apache.ranger.plugin.util.RangerPerfTracer; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; import org.apache.ranger.security.context.RangerAPIList; @@ -104,6 +105,7 @@ import org.springframework.transaction.annotation.Transactional; @Transactional(propagation = Propagation.REQUIRES_NEW) public class ServiceREST { private static final Log LOG = LogFactory.getLog(ServiceREST.class); + private static final Log PERF_LOG = RangerPerfTracer.getPerfLogger("rest.ServiceREST"); @Autowired RESTErrorUtil restErrorUtil; @@ -162,7 +164,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.createServiceDef(" + serviceDef + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createServiceDef(serviceDefName=" + serviceDef.getName() + ")"); + } try { RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); @@ -178,6 +185,8 @@ public class ServiceREST { LOG.error("createServiceDef(" + serviceDef + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -196,7 +205,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.updateServiceDef(" + serviceDef + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updateServiceDef(serviceDefName=" + serviceDef.getName() + ")"); + } try { RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); @@ -212,6 +226,8 @@ public class ServiceREST { LOG.error("updateServiceDef(" + serviceDef + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -230,6 +246,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.deleteServiceDef(" + id + ")"); } + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteServiceDef(serviceDefId=" + id + ")"); + } + try { RangerServiceDefValidator validator = validatorFactory.getServiceDefValidator(svcStore); validator.validate(id, Action.DELETE); @@ -251,6 +273,8 @@ public class ServiceREST { LOG.error("deleteServiceDef(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -267,7 +291,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceDef(" + id + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDef(serviceDefId=" + id + ")"); + } try { XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(id); @@ -284,6 +313,8 @@ public class ServiceREST { LOG.error("getServiceDef(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -306,7 +337,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceDefByName(" + name + ")"); } - RangerServiceDef ret = null; + RangerServiceDef ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefByName(serviceDefName=" + name + ")"); + } try { XXServiceDef xServiceDef = daoManager.getXXServiceDef().findByName(name); @@ -325,6 +361,8 @@ public class ServiceREST { LOG.error("getServiceDefByName(" + name + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -347,7 +385,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceDefs()"); } - RangerServiceDefList ret = null; + RangerServiceDefList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServiceDefs()"); + } SearchFilter filter = searchUtil.getSearchFilter(request, serviceDefService.sortFields); @@ -376,7 +419,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.createService(" + service + ")"); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createService(serviceName=" + service.getName() + ")"); + } try { RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore); @@ -397,6 +445,8 @@ public class ServiceREST { LOG.error("createService(" + service + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -415,7 +465,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.updateService(): " + service); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updateService(serviceName=" + service.getName() + ")"); + } try { RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore); @@ -436,6 +491,8 @@ public class ServiceREST { LOG.error("updateService(" + service + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -454,6 +511,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.deleteService(" + id + ")"); } + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deleteService(serviceId=" + id + ")"); + } + try { RangerServiceValidator validator = validatorFactory.getServiceValidator(svcStore); validator.validate(id, Action.DELETE); @@ -474,6 +537,8 @@ public class ServiceREST { LOG.error("deleteService(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -490,7 +555,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getService(" + id + ")"); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceId=" + id + ")"); + } try { ret = svcStore.getService(id); @@ -500,6 +570,8 @@ public class ServiceREST { LOG.error("getService(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -522,7 +594,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServiceByName(" + name + ")"); } - RangerService ret = null; + RangerService ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceName=" + name + ")"); + } try { ret = svcStore.getServiceByName(name); @@ -532,6 +609,8 @@ public class ServiceREST { LOG.error("getServiceByName(" + name + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -554,7 +633,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServices()"); } - RangerServiceList ret = null; + RangerServiceList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()"); + } SearchFilter filter = searchUtil.getSearchFilter(request, svcService.sortFields); @@ -566,6 +650,8 @@ public class ServiceREST { LOG.error("getServices() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (LOG.isDebugEnabled()) { @@ -579,7 +665,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServices():"); } - List<RangerService> ret = null; + List<RangerService> ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()"); + } try { ret = svcStore.getServices(filter); @@ -589,6 +680,8 @@ public class ServiceREST { LOG.error("getServices() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -608,7 +701,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.countServices():"); } - Long ret = null; + Long ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countService()"); + } try { List<RangerService> services = getServices(request).getServices(); @@ -620,6 +718,8 @@ public class ServiceREST { LOG.error("countServices() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -638,7 +738,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.validateConfig(" + service + ")"); } - VXResponse ret = new VXResponse(); + VXResponse ret = new VXResponse(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.validateConfig(serviceName=" + service.getName() + ")"); + } try { ret = serviceMgr.validateConfig(service, svcStore); @@ -648,6 +753,8 @@ public class ServiceREST { LOG.error("validateConfig(" + service + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -666,7 +773,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.lookupResource(" + serviceName + ")"); } - List<String> ret = new ArrayList<String>(); + List<String> ret = new ArrayList<String>(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.lookupResource(serviceName=" + serviceName + ")"); + } try { ret = serviceMgr.lookupResource(serviceName,context, svcStore); @@ -676,6 +788,8 @@ public class ServiceREST { LOG.error("lookupResource(" + serviceName + ", " + context + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -693,7 +807,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + ")"); } - RESTResponse ret = new RESTResponse(); + RESTResponse ret = new RESTResponse(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + serviceName + ")"); + } if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) { @@ -825,6 +944,8 @@ public class ServiceREST { LOG.error("grantAccess(" + serviceName + ", " + grantRequest + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } ret.setStatusCode(RESTResponse.STATUS_SUCCESS); @@ -845,7 +966,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.revokeAccess(" + serviceName + ", " + revokeRequest + ")"); } - RESTResponse ret = new RESTResponse(); + RESTResponse ret = new RESTResponse(); + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.revokeAccess(serviceName=" + serviceName + ")"); + } if (serviceUtil.isValidateHttpsAuthentication(serviceName,request)) { @@ -922,6 +1048,8 @@ public class ServiceREST { LOG.error("revokeAccess(" + serviceName + ", " + revokeRequest + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } ret.setStatusCode(RESTResponse.STATUS_SUCCESS); @@ -942,7 +1070,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.createPolicy(" + policy + ")"); } - RangerPolicy ret = null; + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.createPolicy(policyName=" + policy.getName() + ")"); + } try { // this needs to happen before validator is called @@ -974,6 +1107,8 @@ public class ServiceREST { LOG.error("createPolicy(" + policy + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -991,7 +1126,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.updatePolicy(" + policy + ")"); } - RangerPolicy ret = null; + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.updatePolicy(policyId=" + policy.getId() + ")"); + } try { RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore); @@ -1006,6 +1146,8 @@ public class ServiceREST { LOG.error("updatePolicy(" + policy + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1023,6 +1165,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.deletePolicy(" + id + ")"); } + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.deletePolicy(policyId=" + id + ")"); + } + try { RangerPolicyValidator validator = validatorFactory.getPolicyValidator(svcStore); validator.validate(id, Action.DELETE); @@ -1038,6 +1186,8 @@ public class ServiceREST { LOG.error("deletePolicy(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1053,7 +1203,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getPolicy(" + id + ")"); } - RangerPolicy ret = null; + RangerPolicy ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicy(policyId=" + id + ")"); + } try { ret = svcStore.getPolicy(id); @@ -1067,6 +1222,8 @@ public class ServiceREST { LOG.error("getPolicy(" + id + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(ret == null) { @@ -1088,7 +1245,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getPolicies()"); } - RangerPolicyList ret = null; + RangerPolicyList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicies()"); + } SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); @@ -1102,6 +1264,8 @@ public class ServiceREST { LOG.error("getPolicies() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (LOG.isDebugEnabled()) { @@ -1115,7 +1279,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getPolicies(filter)"); } - List<RangerPolicy> ret = null; + List<RangerPolicy> ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getPolicies()"); + } try { ret = svcStore.getPolicies(filter); @@ -1127,6 +1296,8 @@ public class ServiceREST { LOG.error("getPolicies() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1144,7 +1315,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.countPolicies():"); } - Long ret = null; + Long ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.countPolicies()"); + } try { List<RangerPolicy> policies = getPolicies(request).getPolicies(); @@ -1158,6 +1334,8 @@ public class ServiceREST { LOG.error("countPolicies() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if(LOG.isDebugEnabled()) { @@ -1176,7 +1354,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServicePolicies(" + serviceId + ")"); } - RangerPolicyList ret = null; + RangerPolicyList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceId=" + serviceId + ")"); + } SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); @@ -1190,6 +1373,8 @@ public class ServiceREST { LOG.error("getServicePolicies(" + serviceId + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (ret == null) { @@ -1212,7 +1397,12 @@ public class ServiceREST { LOG.debug("==> ServiceREST.getServicePolicies(" + serviceName + ")"); } - RangerPolicyList ret = null; + RangerPolicyList ret = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePolicies(serviceName=" + serviceName + ")"); + } SearchFilter filter = searchUtil.getSearchFilter(request, policyService.sortFields); @@ -1226,6 +1416,8 @@ public class ServiceREST { LOG.error("getServicePolicies(" + serviceName + ") failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); + } finally { + RangerPerfTracer.log(perf); } if (ret == null) { @@ -1251,6 +1443,11 @@ public class ServiceREST { ServicePolicies ret = null; int httpCode = HttpServletResponse.SC_OK; String logMsg = null; + RangerPerfTracer perf = null; + + if(RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) { + perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServicePoliciesIfUpdated(serviceName=" + serviceName + ")"); + } if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) { if(lastKnownVersion == null) { @@ -1274,6 +1471,8 @@ public class ServiceREST { logMsg = excp.getMessage(); } finally { createPolicyDownloadAudit(serviceName, lastKnownVersion, pluginId, ret, httpCode, request); + + RangerPerfTracer.log(perf); } if(httpCode != HttpServletResponse.SC_OK) { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java index ee1b589..1c65436 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerBaseModelService.java @@ -41,8 +41,12 @@ import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.common.view.VList; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXAccessTypeDef; import org.apache.ranger.entity.XXDBBase; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXPolicyConditionDef; import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXResourceDef; import org.apache.ranger.plugin.model.RangerBaseModelObject; import org.apache.ranger.plugin.util.SearchFilter; import org.springframework.beans.factory.annotation.Autowired; @@ -144,53 +148,14 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range } return entityDao; } - + protected V populateViewBean(T entityObj) { V vObj = createViewObject(); vObj.setId(entityObj.getId()); vObj.setCreateTime(entityObj.getCreateTime()); vObj.setUpdateTime(entityObj.getUpdateTime()); - - if (entityObj.getAddedByUserId() != null) { - XXPortalUser tUser = daoMgr.getXXPortalUser().getById( - entityObj.getUpdatedByUserId()); - if(tUser == null) { - // nothing to do - } else if (!stringUtil.isEmpty(tUser.getPublicScreenName())) { - vObj.setCreatedBy(tUser.getPublicScreenName()); - } else { - if (!stringUtil.isEmpty(tUser.getFirstName())) { - if (!stringUtil.isEmpty(tUser.getLastName())) { - vObj.setCreatedBy(tUser.getFirstName() + " " - + tUser.getLastName()); - } else { - vObj.setCreatedBy(tUser.getFirstName()); - } - } else { - vObj.setCreatedBy(tUser.getLoginId()); - } - } - } - if (entityObj.getUpdatedByUserId() != null) { - XXPortalUser tUser = daoMgr.getXXPortalUser().getById( - entityObj.getUpdatedByUserId()); - if(tUser == null) { - // nothing to do - } else if (!stringUtil.isEmpty(tUser.getPublicScreenName())) { - vObj.setUpdatedBy(tUser.getPublicScreenName()); - } else { - if (!stringUtil.isEmpty(tUser.getFirstName())) { - if (!stringUtil.isEmpty(tUser.getLastName())) { - vObj.setUpdatedBy(tUser.getFirstName() + " " - + tUser.getLastName()); - } else { - vObj.setUpdatedBy(tUser.getFirstName()); - } - } else { - vObj.setUpdatedBy(tUser.getLoginId()); - } - } - } + vObj.setCreatedBy(getUserScreenName(entityObj.getAddedByUserId())); + vObj.setUpdatedBy(getUserScreenName(entityObj.getUpdatedByUserId())); return mapEntityToViewBean(vObj, entityObj); } @@ -426,4 +391,88 @@ public abstract class RangerBaseModelService<T extends XXDBBase, V extends Range return bizUtil.getClassType(tEntityClass); } + + protected String getUserScreenName(Long userId) { + String ret = null; + + XXPortalUser xPortalUser = userId == null ? null : daoMgr.getXXPortalUser().getById(userId); + + if(xPortalUser != null) { + ret = xPortalUser.getPublicScreenName(); + + if (stringUtil.isEmpty(ret)) { + ret = xPortalUser.getFirstName(); + + if(stringUtil.isEmpty(ret)) { + ret = xPortalUser.getLoginId(); + } else { + if(!stringUtil.isEmpty(xPortalUser.getLastName())) { + ret += (" " + xPortalUser.getLastName()); + } + } + } + } + + return ret; + } + + protected String getUserName(Long userId) { + String ret = null; + + XXPortalUser xPortalUser = userId == null ? null : daoMgr.getXXPortalUser().getById(userId); + + if(xPortalUser != null) { + ret = xPortalUser.getLoginId(); + } + + return ret; + } + + protected String getGroupName(Long groupId) { + String ret = null; + + XXGroup xGroup = groupId == null ? null : daoMgr.getXXGroup().getById(groupId); + + if(xGroup != null) { + ret = xGroup.getName(); + } + + return ret; + } + + protected String getAccessTypeName(Long accessTypeDefId) { + String ret = null; + + XXAccessTypeDef accessTypeDef = accessTypeDefId == null ? null : daoMgr.getXXAccessTypeDef().getById(accessTypeDefId); + + if(accessTypeDef != null) { + ret = accessTypeDef.getName(); + } + + return ret; + } + + protected String getConditionName(Long conditionDefId) { + String ret = null; + + XXPolicyConditionDef conditionDef = conditionDefId == null ? null : daoMgr.getXXPolicyConditionDef().getById(conditionDefId); + + if(conditionDef != null) { + ret = conditionDef.getName(); + } + + return ret; + } + + protected String getResourceName(Long resourceDefId) { + String ret = null; + + XXResourceDef resourceDef = resourceDefId == null ? null : daoMgr.getXXResourceDef().getById(resourceDefId); + + if(resourceDef != null) { + ret = resourceDef.getName(); + } + + return ret; + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 224f0cd..d853972 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -24,6 +24,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import org.apache.ranger.biz.RangerPolicyRetriever; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.common.MessageEnums; @@ -97,13 +98,9 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range @Override protected RangerPolicy populateViewBean(XXPolicy xPolicy) { - RangerPolicy vPolicy = super.populateViewBean(xPolicy); - - Map<String, RangerPolicyResource> resources = getResourcesForXXPolicy(xPolicy); - vPolicy.setResources(resources); - - List<RangerPolicyItem> policyItems = getPolicyItemListForXXPolicy(xPolicy); - vPolicy.setPolicyItems(policyItems); + RangerPolicyRetriever retriever = new RangerPolicyRetriever(daoMgr); + + RangerPolicy vPolicy = retriever.getPolicy(xPolicy); return vPolicy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index 9584c3d..96d512b 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java @@ -18,9 +18,7 @@ package org.apache.ranger.service; import java.util.ArrayList; -import java.util.HashMap; import java.util.List; -import java.util.Map; import org.apache.commons.lang.StringUtils; import org.apache.ranger.common.GUIDUtil; @@ -30,24 +28,10 @@ import org.apache.ranger.common.SortField; import org.apache.ranger.common.SearchField.DATA_TYPE; import org.apache.ranger.common.SearchField.SEARCH_TYPE; import org.apache.ranger.common.SortField.SORT_ORDER; -import org.apache.ranger.db.XXAccessTypeDefDao; -import org.apache.ranger.db.XXPolicyResourceDao; -import org.apache.ranger.entity.XXAccessTypeDef; import org.apache.ranger.entity.XXPolicy; import org.apache.ranger.entity.XXPolicyBase; -import org.apache.ranger.entity.XXPolicyConditionDef; -import org.apache.ranger.entity.XXPolicyItem; -import org.apache.ranger.entity.XXPolicyItemAccess; -import org.apache.ranger.entity.XXPolicyItemCondition; -import org.apache.ranger.entity.XXPolicyResource; -import org.apache.ranger.entity.XXPolicyResourceMap; -import org.apache.ranger.entity.XXResourceDef; import org.apache.ranger.entity.XXService; import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.view.RangerPolicyList; import org.springframework.beans.factory.annotation.Autowired; @@ -143,92 +127,4 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends return retList; } - - public List<RangerPolicyItem> getPolicyItemListForXXPolicy(XXPolicyBase xPolicy) { - - List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>(); - List<XXPolicyItem> xPolicyItemList = daoMgr.getXXPolicyItem().findByPolicyId(xPolicy.getId()); - - for (XXPolicyItem xPolItem : xPolicyItemList) { - RangerPolicyItem policyItem = populateXXToRangerPolicyItem(xPolItem); - policyItems.add(policyItem); - } - return policyItems; - } - - public RangerPolicyItem populateXXToRangerPolicyItem(XXPolicyItem xPolItem) { - - RangerPolicyItem rangerPolItem = new RangerPolicyItem(); - - List<XXPolicyItemAccess> xPolItemAccList = daoMgr.getXXPolicyItemAccess().findByPolicyItemId(xPolItem.getId()); - List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>(); - - XXAccessTypeDefDao xAccDefDao = daoMgr.getXXAccessTypeDef(); - for (XXPolicyItemAccess xPolAccess : xPolItemAccList) { - RangerPolicyItemAccess access = new RangerPolicyItemAccess(); - access.setIsAllowed(xPolAccess.getIsallowed()); - XXAccessTypeDef xAccessType = xAccDefDao.getById(xPolAccess.getType()); - access.setType(xAccessType.getName()); - - accesses.add(access); - } - rangerPolItem.setAccesses(accesses); - - List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>(); - List<XXPolicyConditionDef> xConditionDefList = daoMgr.getXXPolicyConditionDef().findByPolicyItemId( - xPolItem.getId()); - for (XXPolicyConditionDef xCondDef : xConditionDefList) { - - List<XXPolicyItemCondition> xPolCondItemList = daoMgr.getXXPolicyItemCondition().findByPolicyItemAndDefId( - xPolItem.getId(), xCondDef.getId()); - List<String> values = new ArrayList<String>(); - - for (XXPolicyItemCondition polCond : xPolCondItemList) { - values.add(polCond.getValue()); - } - - RangerPolicyItemCondition condition = new RangerPolicyItemCondition(); - condition.setType(xCondDef.getName()); - condition.setValues(values); - - conditions.add(condition); - } - rangerPolItem.setConditions(conditions); - - List<String> userList = daoMgr.getXXUser().findByPolicyItemId(xPolItem.getId()); - List<String> grpList = daoMgr.getXXGroup().findByPolicyItemId(xPolItem.getId()); - - rangerPolItem.setUsers(userList); - rangerPolItem.setGroups(grpList); - - rangerPolItem.setDelegateAdmin(xPolItem.getDelegateAdmin()); - return rangerPolItem; - } - - public Map<String, RangerPolicyResource> getResourcesForXXPolicy(XXPolicyBase xPolicy) { - List<XXResourceDef> resDefList = daoMgr.getXXResourceDef().findByPolicyId(xPolicy.getId()); - Map<String, RangerPolicyResource> resources = new HashMap<String, RangerPolicyResource>(); - - XXPolicyResourceDao xPolResDao = daoMgr.getXXPolicyResource(); - for (XXResourceDef xResDef : resDefList) { - XXPolicyResource xPolRes = xPolResDao.findByResDefIdAndPolicyId(xResDef.getId(), xPolicy.getId()); - if (xPolRes == null) { - continue; - } - List<String> values = new ArrayList<>(); - List<XXPolicyResourceMap> xPolResMapList = daoMgr.getXXPolicyResourceMap().findByPolicyResId( - xPolRes.getId()); - for (XXPolicyResourceMap xPolResMap : xPolResMapList) { - values.add(xPolResMap.getValue()); - } - RangerPolicyResource resource = new RangerPolicyResource(); - resource.setValues(values); - resource.setIsExcludes(xPolRes.getIsexcludes()); - resource.setIsRecursive(xPolRes.getIsrecursive()); - - resources.put(xResDef.getName(), resource); - } - return resources; - } - } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java index 35e9f98..cf59c91 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java @@ -17,15 +17,12 @@ package org.apache.ranger.service; -import java.util.List; -import java.util.Map; +import org.apache.ranger.biz.RangerPolicyRetriever; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.entity.XXPolicyBase; import org.apache.ranger.entity.XXPolicyWithAssignedId; import org.apache.ranger.plugin.model.RangerPolicy; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; -import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -60,13 +57,9 @@ public class RangerPolicyWithAssignedIdService extends RangerPolicyServiceBase<X @Override protected RangerPolicy populateViewBean(XXPolicyWithAssignedId xPolicy) { - RangerPolicy vPolicy = super.populateViewBean(xPolicy); + RangerPolicyRetriever retriever = new RangerPolicyRetriever(daoMgr); - Map<String, RangerPolicyResource> resources = getResourcesForXXPolicy(xPolicy); - vPolicy.setResources(resources); - - List<RangerPolicyItem> policyItems = getPolicyItemListForXXPolicy(xPolicy); - vPolicy.setPolicyItems(policyItems); + RangerPolicy vPolicy = retriever.getPolicy(xPolicy.getId()); return vPolicy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 12c4c6d..65dd17f 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -205,7 +205,17 @@ <!-- XXPolicyItem --> <named-query name="XXPolicyItem.findByPolicyId"> - <query>select obj from XXPolicyItem obj where obj.policyId = :policyId order by obj.order</query> + <query>select obj from XXPolicyItem obj + where obj.policyId = :policyId + order by obj.id + </query> + </named-query> + + <named-query name="XXPolicyItem.findByServiceId"> + <query>select obj from XXPolicyItem obj + where obj.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by obj.policyId, obj.id + </query> </named-query> <!-- XXPolicy --> @@ -378,7 +388,17 @@ </named-query> <named-query name="XXPolicyResource.findByPolicyId"> - <query>select obj from XXPolicyResource obj where obj.policyId = :policyId</query> + <query>select obj from XXPolicyResource obj + where obj.policyId = :policyId + order by obj.id + </query> + </named-query> + + <named-query name="XXPolicyResource.findByServiceId"> + <query>select obj from XXPolicyResource obj + where obj.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by obj.policyId, obj.id + </query> </named-query> <named-query name="XXPolicyResource.findByResDefId"> @@ -390,6 +410,22 @@ <query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId order by obj.order</query> </named-query> + <named-query name="XXPolicyResourceMap.findByPolicyId"> + <query>select obj from XXPolicyResourceMap obj, XXPolicyResource res + where obj.resourceId = res.id + and res.policyId = :policyId + order by obj.resourceId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyResourceMap.findByServiceId"> + <query>select obj from XXPolicyResourceMap obj, XXPolicyResource res + where obj.resourceId = res.id + and res.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by res.policyId, obj.resourceId, obj.order + </query> + </named-query> + <!-- XXPolicyItemAccess --> <named-query name="XXPolicyItemAccess.findByPolicyItemId"> <query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId order by obj.order</query> @@ -398,6 +434,22 @@ <named-query name="XXPolicyItemAccess.findByType"> <query>select obj from XXPolicyItemAccess obj where obj.type = :type</query> </named-query> + + <named-query name="XXPolicyItemAccess.findByPolicyId"> + <query>select obj from XXPolicyItemAccess obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemAccess.findByServiceId"> + <query>select obj from XXPolicyItemAccess obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.order + </query> + </named-query> <!-- XXPolicyItemCondition --> <named-query name="XXPolicyItemCondition.findByPolicyItemId"> @@ -412,17 +464,65 @@ <named-query name="XXPolicyItemCondition.findByPolicyConditionDefId"> <query>select obj from XXPolicyItemCondition obj where obj.type = :polCondDefId</query> </named-query> + + <named-query name="XXPolicyItemCondition.findByPolicyId"> + <query>select obj from XXPolicyItemCondition obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.type, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemCondition.findByServiceId"> + <query>select obj from XXPolicyItemCondition obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.type, obj.order + </query> + </named-query> <!-- XXPolicyItemGroupPerm --> <named-query name="XXPolicyItemGroupPerm.findByPolicyItemId"> <query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> + <named-query name="XXPolicyItemGroupPerm.findByPolicyId"> + <query>select obj from XXPolicyItemGroupPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemGroupPerm.findByServiceId"> + <query>select obj from XXPolicyItemGroupPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.order + </query> + </named-query> + <!-- XXPolicyItemUserPerm --> <named-query name="XXPolicyItemUserPerm.findByPolicyItemId"> <query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId order by obj.order</query> </named-query> + <named-query name="XXPolicyItemUserPerm.findByPolicyId"> + <query>select obj from XXPolicyItemUserPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId = :policyId + order by obj.policyItemId, obj.order + </query> + </named-query> + + <named-query name="XXPolicyItemUserPerm.findByServiceId"> + <query>select obj from XXPolicyItemUserPerm obj, XXPolicyItem item + where obj.policyItemId = item.id + and item.policyId in (select policy.id from XXPolicy policy where policy.service = :serviceId) + order by item.policyId, obj.policyItemId, obj.order + </query> + </named-query> + <!-- XXDataHist --> <named-query name="XXDataHist.findLatestByObjectClassTypeAndObjectId"> <query>select obj from XXDataHist obj where obj.objectId = :objectId http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/e7d18115/security-admin/src/main/webapp/WEB-INF/log4j.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/WEB-INF/log4j.xml b/security-admin/src/main/webapp/WEB-INF/log4j.xml index 22ec74e..3510d02 100644 --- a/security-admin/src/main/webapp/WEB-INF/log4j.xml +++ b/security-admin/src/main/webapp/WEB-INF/log4j.xml @@ -28,6 +28,15 @@ </layout> </appender> + <appender name="perf_appender" class="org.apache.log4j.DailyRollingFileAppender"> + <param name="file" value="${logdir}/ranger_admin_perf.log" /> + <param name="datePattern" value="'.'yyyy-MM-dd" /> + <param name="append" value="true" /> + <layout class="org.apache.log4j.PatternLayout"> + <param name="ConversionPattern" value="%d [%t] %m%n" /> + </layout> + </appender> + <appender name="sql_appender" class="org.apache.log4j.DailyRollingFileAppender"> <param name="file" value="${logdir}/xa_portal_sql.log" /> <param name="datePattern" value="'.'yyyy-MM-dd" /> @@ -74,6 +83,13 @@ <appender-ref ref="xa_log_appender" /> </category> + <!-- + <category name="ranger.perf" additivity="false"> + <priority value="info" /> + <appender-ref ref="perf_appender" /> + </category> + --> + <category name="xa" additivity="false"> <priority value="info" /> <appender-ref ref="xa_log_appender" />
