org.apache.ranger.plugin.policyengine.RangerAccessRequest Java Examples
The following examples show how to use
org.apache.ranger.plugin.policyengine.RangerAccessRequest.
Example #1
Source File: RangerOptimizedPolicyEvaluator.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Decides whether this policy has an item that could apply to the given request.
 *
 * <p>The check runs in two stages. First the requester must be covered by one of:
 * the {@code hasPublicGroup} flag, the {@code hasCurrentUser} flag, an owner match,
 * the {@code users} set, the {@code groups} set, or the {@code roles} set (compared
 * with the roles read from the request context). Only then is the requested access
 * type compared with what the policy grants.
 *
 * @param request access request being evaluated
 * @return {@code true} when the requester is covered and the access type is granted;
 *         {@code false} otherwise
 */
@Override
protected boolean hasMatchablePolicyItem(RangerAccessRequest request) {
    // Operand order is preserved so the flag checks short-circuit the collection lookups.
    final boolean requesterCovered = hasPublicGroup
            || hasCurrentUser
            || isOwnerMatch(request)
            || users.contains(request.getUser())
            || CollectionUtils.containsAny(groups, request.getUserGroups())
            || (CollectionUtils.isNotEmpty(roles)
                    && CollectionUtils.containsAny(roles, RangerAccessRequestUtil.getCurrentUserRolesFromContext(request.getContext())));

    if (!requesterCovered) {
        return false;
    }

    if (request.isAccessTypeDelegatedAdmin()) {
        // Delegated-admin requests are answered by the delegateAdmin flag alone.
        return delegateAdmin;
    }

    if (hasAllPerms) {
        return true;
    }

    return request.isAccessTypeAny() || accessPerms.contains(request.getAccessType());
}
Example #2
Source File: RangerAccessedFromClusterTypeCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests whether the request's cluster type is one of the values configured on the condition.
 *
 * <p>When {@code isAlwaysTrue} is set, or the request carries no cluster type, the result is
 * the value of {@code isAlwaysTrue}. A request without a cluster type therefore does not
 * match unless the condition is always-true.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAccessedFromClusterTypeCondition.isMatched(" + condition + ")");
    }

    final boolean ret = (isAlwaysTrue || request.getClusterType() == null)
            ? isAlwaysTrue
            : condition.getValues().contains(request.getClusterType());

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAccessedFromClusterTypeCondition.isMatched(" + condition + "): " + ret);
    }

    return ret;
}
Example #3
Source File: RangerAccessedNotFromClusterCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests that the request's cluster name is NOT among the values configured on the condition.
 *
 * <p>The result is {@code true} when {@code isAlwaysTrue} is set or when the request carries
 * no cluster name, so a missing cluster name satisfies this negative condition.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAccessedNotFromClusterCondition.isMatched(" + condition + ")");
    }

    // Short-circuit order matches the original: flag, then null check, then the lookup.
    final boolean ret = isAlwaysTrue
            || request.getClusterName() == null
            || !condition.getValues().contains(request.getClusterName());

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAccessedNotFromClusterCondition.isMatched(" + condition + "): " + ret);
    }

    return ret;
}
Example #4
Source File: RangerIpMatcher.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Reads the client IP address from the request.
 *
 * @param request access request to inspect; may be {@code null}
 * @return the value of {@code request.getClientIPAddress()}, or {@code null} when the
 *         request itself or its client address is {@code null}
 */
String extractIp(final RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerIpMatcher.extractIp(" + request+ ")");
    }

    final String ip = (request == null) ? null : request.getClientIPAddress();

    // The value is returned as-is; nothing here checks that it is a well-formed address.
    if (request == null) {
        LOG.debug("isMatched: Unexpected: null request object!");
    } else if (ip == null) {
        LOG.debug("isMatched: Unexpected: Client ip in request object is null!");
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerIpMatcher.extractIp(" + request+ "): " + ip);
    }

    return ip;
}
Example #5
Source File: RangerAccessedFromClusterCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests whether the request's cluster name is one of the values configured on the condition.
 *
 * <p>When {@code isAlwaysTrue} is set, or the request carries no cluster name, the result is
 * the value of {@code isAlwaysTrue}. A request without a cluster name therefore does not
 * match unless the condition is always-true.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAccessedFromClusterCondition.isMatched(" + condition + ")");
    }

    final boolean skipLookup = isAlwaysTrue || request.getClusterName() == null;
    final boolean ret = skipLookup
            ? isAlwaysTrue
            : condition.getValues().contains(request.getClusterName());

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAccessedFromClusterCondition.isMatched(" + condition + "): " + ret);
    }

    return ret;
}
Example #6
Source File: RangerAccessedNotFromClusterTypeCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests that the request's cluster type is NOT among the values configured on the condition.
 *
 * <p>The result is {@code true} when {@code isAlwaysTrue} is set or when the request carries
 * no cluster type, so a missing cluster type satisfies this negative condition.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerAccessedNotFromClusterTypeCondition.isMatched(" + condition + ")");
    }

    // Short-circuit order matches the original: flag, then null check, then the lookup.
    final boolean ret = isAlwaysTrue
            || request.getClusterType() == null
            || !condition.getValues().contains(request.getClusterType());

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerAccessedNotFromClusterTypeCondition.isMatched(" + condition + "): " + ret);
    }

    return ret;
}
Example #7
Source File: RangerScriptTemplateConditionEvaluator.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Delegates to the parent evaluator and inverts its answer when {@code reverseResult} is set.
 *
 * @param request access request being evaluated
 * @return the parent's result, negated if {@code reverseResult} is true
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerScriptTemplateConditionEvaluator.isMatched()");
    }

    // The parent is always consulted; only the sign of its answer depends on reverseResult.
    final boolean parentResult = super.isMatched(request);
    final boolean ret = reverseResult ? !parentResult : parentResult;

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerScriptTemplateConditionEvaluator.isMatched(): ret=" + ret);
    }

    return ret;
}
Example #8
Source File: RangerTagsAllPresentConditionEvaluator.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Requires the resource to carry every tag listed in {@code policyConditionTags}.
 *
 * <p>With no condition tags configured the result is {@code true} without inspecting the
 * request. Otherwise the tag types are read through a script execution context built on a
 * read-only copy of the request; a {@code null} tag set counts as a mismatch.
 *
 * @param request access request being evaluated
 * @return whether all condition tags are present on the resource
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerTagsAllPresentConditionEvaluator.isMatched(" + request + ")");
    }

    boolean matched = true;

    if (CollectionUtils.isNotEmpty(policyConditionTags)) {
        final RangerScriptExecutionContext context = new RangerScriptExecutionContext(request.getReadOnlyCopy());
        final Set<String> resourceTags = context.getAllTagTypes();

        // The resource's tags must be a superset of the tags named in the policy condition.
        matched = resourceTags != null && resourceTags.containsAll(policyConditionTags);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerTagsAllPresentConditionEvaluator.isMatched(" + request+ "): " + matched);
    }

    return matched;
}
Example #9
Source File: RangerPolicyEnginePerformanceTest.java From ranger with Apache License 2.0 | 6 votes |
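/**
 * Warms up a policy engine, then evaluates one request per client thread concurrently and
 * waits for all client threads to finish.
 *
 * <p>Each worker counts the latch down in a {@code finally} block, so an exception thrown by
 * {@code evaluatePolicies} cannot leave {@code latch.await()} blocked forever.
 *
 * @throws InterruptedException if the test thread is interrupted while waiting on the latch
 */
@Test
public void policyEngineTest() throws InterruptedException {
    List<RangerAccessRequest> requests = requestsCache.getUnchecked(concurrency);
    ServicePolicies servicePolicies = servicePoliciesCache.getUnchecked(numberOfPolicies);

    RangerPluginContext pluginContext = new RangerPluginContext(new RangerPluginConfig("hive", null, "perf-test", "cl1", "on-prem", RangerPolicyFactory.createPolicyEngineOption()));
    final RangerPolicyEngineImpl rangerPolicyEngine = new RangerPolicyEngineImpl(servicePolicies, pluginContext, null);

    for (int iterations = 0; iterations < WARM_UP__ITERATIONS; iterations++) {
        // Feed the evaluation result to a cheap call (System#identityHashCode) so the JIT
        // cannot discard the evaluation as dead code.
        System.identityHashCode(rangerPolicyEngine.evaluatePolicies(requests.get(iterations % concurrency), RangerPolicy.POLICY_TYPE_ACCESS, null));
        PerfDataRecorder.clearStatistics();
    }

    final CountDownLatch latch = new CountDownLatch(concurrency);
    for (int i = 0; i < concurrency; i++) {
        final RangerAccessRequest rangerAccessRequest = requests.get(i);
        new Thread(new Runnable() {
            @Override
            public void run() {
                try {
                    System.identityHashCode(rangerPolicyEngine.evaluatePolicies(rangerAccessRequest, RangerPolicy.POLICY_TYPE_ACCESS, null));
                } finally {
                    // Always release the latch, even when evaluation throws.
                    latch.countDown();
                }
            }
        }, String.format("Client #%s", i)).start();
    }
    latch.await();
}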
Example #10
Source File: RangerHiveResourcesAccessedTogetherCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Checks the requested resources recorded in the request context against this condition's
 * matchers; the result is {@code true} only when the resources are present and
 * {@code isMutuallyExcluded} reports {@code false} for them.
 *
 * <p>NOTE(review): when the condition is not initialized, or has no matchers, the method logs
 * an error and returns {@code true}; the condition is then not enforced. Deployments should
 * alert on that error message.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(final RangerAccessRequest request) {
    boolean ret = true;

    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerHiveResourcesAccessedTogetherCondition.isMatched(" + request + ")");
    }

    final boolean enforceable = isInitialized && CollectionUtils.isNotEmpty(matchers);

    if (!enforceable) {
        // ret keeps its default of true on this path.
        LOG.error("RangerHiveResourcesAccessedTogetherCondition.isMatched() - condition is not initialized correctly and will NOT be enforced");
    } else {
        final RangerRequestedResources resources = RangerAccessRequestUtil.getRequestedResourcesFromContext(request.getContext());

        ret = resources != null && !resources.isMutuallyExcluded(matchers, request.getContext());
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerHiveResourcesAccessedTogetherCondition.isMatched(" + request + ")" + ", result=" + ret);
    }

    return ret;
}
Example #11
Source File: RangerHiveResourcesNotAccessedTogetherCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Checks the requested resources recorded in the request context against this condition's
 * matchers; the result is {@code true} when no resources are recorded or when
 * {@code isMutuallyExcluded} reports {@code true} for them.
 *
 * <p>NOTE(review): when the condition is not initialized, or has no matchers, the method logs
 * an error and returns {@code true}; mutual exclusion is then not enforced. Deployments
 * should alert on that error message.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(final RangerAccessRequest request) {
    boolean ret = true;

    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerHiveResourcesNotAccessedTogetherCondition.isMatched(" + request + ")");
    }

    final boolean enforceable = isInitialized && CollectionUtils.isNotEmpty(matchers);

    if (!enforceable) {
        // ret keeps its default of true on this path.
        LOG.error("RangerHiveResourcesNotAccessedTogetherCondition.isMatched() - Enforcer is not initialized correctly, Mutual Exclusion will NOT be enforced");
    } else {
        final RangerRequestedResources resources = RangerAccessRequestUtil.getRequestedResourcesFromContext(request.getContext());

        ret = resources == null || resources.isMutuallyExcluded(matchers, request.getContext());
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerHiveResourcesNotAccessedTogetherCondition.isMatched(" + request + ")" + ", result=" + ret);
    }

    return ret;
}
Example #12
Source File: RangerContextAttributeValueNotInCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests that the context attribute named by {@code attributeName} does NOT hold one of the
 * values configured on the condition.
 *
 * <p>The result is {@code true} when the attribute name, the condition or its value list is
 * missing, and also when the request context has no value for the attribute.
 *
 * @param request access request being evaluated; its context map must not be {@code null}
 *                once the condition is configured, since it is dereferenced directly
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerContextAttributeValueNotInCondition.isMatched(" + condition + ")");
    }

    final boolean configured = attributeName != null
            && condition != null
            && CollectionUtils.isNotEmpty(condition.getValues());

    // The context is consulted only when the condition is fully configured.
    final Object val = configured ? request.getContext().get(attributeName) : null;
    final boolean ret = val == null || !condition.getValues().contains(val);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerContextAttributeValueNotInCondition.isMatched(" + condition + "): " + ret);
    }

    return ret;
}
Example #13
Source File: RangerContextAttributeValueInCondition.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests that the context attribute named by {@code attributeName} holds one of the values
 * configured on the condition.
 *
 * <p>The result is {@code true} when the attribute name, the condition or its value list is
 * missing, and also when the request context has no value for the attribute.
 *
 * <p>NOTE(review): a request whose context lacks the attribute satisfies this "value in"
 * condition. Confirm that is intended wherever the condition gates an allow policy.
 *
 * @param request access request being evaluated; its context map must not be {@code null}
 *                once the condition is configured, since it is dereferenced directly
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerContextAttributeValueInCondition.isMatched(" + condition + ")");
    }

    final boolean configured = attributeName != null
            && condition != null
            && CollectionUtils.isNotEmpty(condition.getValues());

    // The context is consulted only when the condition is fully configured.
    final Object val = configured ? request.getContext().get(attributeName) : null;
    final boolean ret = val == null || condition.getValues().contains(val);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerContextAttributeValueInCondition.isMatched(" + condition + "): " + ret);
    }

    return ret;
}
Example #14
Source File: RangerUserStoreEnricher.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Places a {@code RangerUserStore} into the request context.
 *
 * <p>The supplied {@code dataStore} is used when it is a {@code RangerUserStore}; otherwise
 * the enricher's own {@code rangerUserStore} field is used, with a warning logged if a
 * non-null object of another type was passed.
 *
 * @param request   access request whose context receives the user store
 * @param dataStore candidate user store; may be {@code null} or of an unrelated type
 */
@Override
public void enrich(RangerAccessRequest request, Object dataStore) {
    // Unused by Solr plugin as document level authorization gets RangerUserStore from AuthContext
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerUserStoreEnricher.enrich(" + request + ") with dataStore:[" + dataStore + "]");
    }

    final boolean suppliedStoreUsable = dataStore instanceof RangerUserStore;

    if (!suppliedStoreUsable && dataStore != null) {
        LOG.warn("Incorrect type of dataStore :[" + dataStore.getClass().getName() + "], falling back to original enrich");
    }

    final RangerUserStore effectiveStore = suppliedStoreUsable ? (RangerUserStore) dataStore : this.rangerUserStore;

    RangerAccessRequestUtil.setRequestUserStoreInContext(request.getContext(), effectiveStore);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerUserStoreEnricher.enrich(" + request + ") with dataStore:[" + dataStore + "])");
    }
}
Example #15
Source File: RangerNoneOfExpectedTagsPresentConditionEvaluator.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Requires that the resource carries none of the tags listed in {@code policyConditionTags}.
 *
 * <p>Tag types are read through a script execution context built on a read-only copy of the
 * request. A {@code null} tag set leaves the result at {@code true}.
 *
 * @param request access request being evaluated
 * @return whether the resource's tags and the condition tags are disjoint
 */
@Override
public boolean isMatched(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerNoneOfExpectedTagsPresentConditionEvaluator.isMatched(" + request + ")");
    }

    final RangerScriptExecutionContext context = new RangerScriptExecutionContext(request.getReadOnlyCopy());
    final Set<String> resourceTags = context.getAllTagTypes();

    // Matched when the resource has no tag set at all, or shares no tag with the condition.
    final boolean matched = resourceTags == null || Collections.disjoint(resourceTags, policyConditionTags);

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerNoneOfExpectedTagsPresentConditionEvaluator.isMatched(" + request+ "): " + matched);
    }

    return matched;
}
Example #16
Source File: RangerSampleCountryProvider.java From ranger with Apache License 2.0 | 6 votes |
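/**
 * Looks up the requesting user's country in {@code userCountryMap} and, when one is found,
 * stores it in the request context under {@code contextName}.
 *
 * <p>Nothing is written when the request, the map or the user is {@code null}, when the
 * request has no context map, or when the user has no non-empty country entry. The
 * null-user guard avoids passing a {@code null} key to {@code getProperty}.
 *
 * @param request access request to enrich; may be {@code null}
 */
@Override
public void enrich(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")");
    }

    // Skip requests without a user, so getProperty is never called with a null key.
    if (request != null && userCountryMap != null && request.getUser() != null) {
        Map<String, Object> context = request.getContext();
        String country = userCountryMap.getProperty(request.getUser());

        if (context != null && !StringUtils.isEmpty(country)) {
            request.getContext().put(contextName, country);
        } else {
            if (LOG.isDebugEnabled()) {
                LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country);
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")");
    }
}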
Example #17
Source File: RangerSampleProjectProvider.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Looks up the requesting user's project in {@code userProjectMap} and, when one is found,
 * stores it in the request context under {@code contextName}.
 *
 * <p>Nothing is written when the request, the map or the user is {@code null}, when the
 * request has no context map, or when the user has no non-empty project entry.
 *
 * @param request access request to enrich; may be {@code null}
 */
@Override
public void enrich(RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")");
    }

    final boolean canLookUp = request != null && userProjectMap != null && request.getUser() != null;

    if (canLookUp) {
        final Map<String, Object> context = request.getContext();
        final String project = userProjectMap.getProperty(request.getUser());
        final boolean nothingToStore = context == null || StringUtils.isEmpty(project);

        if (nothingToStore) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project);
            }
        } else {
            request.getContext().put(contextName, project);
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")");
    }
}
Example #18
Source File: TestRangerNiFiAuthorizer.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Compares a candidate object with the expected {@code request} field by field.
 *
 * <p>Resource, access type, action and user are compared with {@code equals} called on the
 * candidate's values, so those must be non-null on the candidate. Client IP addresses match
 * when both are {@code null} or both are equal.
 *
 * @param o candidate argument
 * @return {@code true} when {@code o} is a {@code RangerAccessRequest} equal to the expected
 *         request in the compared fields
 */
@Override
public boolean matches(Object o) {
    if (!(o instanceof RangerAccessRequest)) {
        return false;
    }

    final RangerAccessRequest other = (RangerAccessRequest) o;

    // Null-tolerant comparison: two absent addresses count as equal.
    final boolean clientIpsMatch;
    if (other.getClientIPAddress() == null) {
        clientIpsMatch = request.getClientIPAddress() == null;
    } else {
        clientIpsMatch = request.getClientIPAddress() != null
                && other.getClientIPAddress().equals(request.getClientIPAddress());
    }

    return other.getResource().equals(request.getResource())
            && other.getAccessType().equals(request.getAccessType())
            && other.getAction().equals(request.getAction())
            && other.getUser().equals(request.getUser())
            && clientIpsMatch;
}
Example #19
Source File: RangerSimpleMatcher.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Fetches the context value stored under {@code key} as a {@code String}.
 *
 * @param request access request to inspect; may be {@code null}
 * @param key     context key to look up
 * @return the stored value, or {@code null} when the request is {@code null}, its context is
 *         {@code null} or empty, or the context has no entry for {@code key}
 */
String extractValue(final RangerAccessRequest request, String key) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerSimpleMatcher.extractValue(" + request+ ")");
    }

    String value = null;

    if (request == null) {
        LOG.debug("isMatched: Unexpected: null request. Returning null!");
    } else if (request.getContext() == null) {
        LOG.debug("isMatched: Context map of request is null. Ok. Returning null!");
    } else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
        LOG.debug("isMatched: Missing context on request. Ok. Condition isn't applicable. Returning null!");
    } else if (request.getContext().containsKey(key)) {
        // The cast assumes a String was stored under this key; another type fails here with
        // a ClassCastException.
        value = (String)request.getContext().get(key);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerSimpleMatcher.extractValue(" + request+ "): " + value);
    }

    return value;
}
Example #20
Source File: RangerPolicyConditionSampleSimpleMatcher.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Fetches the context value stored under {@code key} as a {@code String}.
 *
 * @param request access request to inspect; may be {@code null}
 * @param key     context key to look up
 * @return the stored value, or {@code null} when the request is {@code null}, its context is
 *         {@code null} or empty, or the context has no entry for {@code key}
 */
String extractValue(final RangerAccessRequest request, String key) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerPolicyConditionSampleSimpleMatcher.extractValue(" + request+ ")");
    }

    String value = null;

    if (request == null) {
        LOG.debug("isMatched: Unexpected: null request. Returning null!");
    } else if (request.getContext() == null) {
        LOG.debug("isMatched: Context map of request is null. Ok. Returning null!");
    } else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
        LOG.debug("isMatched: Missing context on request. Ok. Condition isn't applicable. Returning null!");
    } else if (request.getContext().containsKey(key)) {
        // The cast assumes a String was stored under this key; another type fails here with
        // a ClassCastException.
        value = (String)request.getContext().get(key);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerPolicyConditionSampleSimpleMatcher.extractValue(" + request+ "): " + value);
    }

    return value;
}
Example #21
Source File: RangerSampleSimpleMatcher.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Fetches the context value stored under {@code key} as a {@code String}.
 *
 * @param request access request to inspect; may be {@code null}
 * @param key     context key to look up
 * @return the stored value, or {@code null} when the request is {@code null}, its context is
 *         {@code null} or empty, or the context has no entry for {@code key}
 */
String extractValue(final RangerAccessRequest request, String key) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerSampleSimpleMatcher.extractValue(" + request+ ")");
    }

    String value = null;

    if (request == null) {
        LOG.debug("isMatched: Unexpected: null request. Returning null!");
    } else if (request.getContext() == null) {
        LOG.debug("isMatched: Context map of request is null. Ok. Returning null!");
    } else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
        LOG.debug("isMatched: Missing context on request. Ok. Condition isn't applicable. Returning null!");
    } else if (request.getContext().containsKey(key)) {
        // The cast assumes a String was stored under this key; another type fails here with
        // a ClassCastException.
        value = (String)request.getContext().get(key);
    } else {
        if (LOG.isDebugEnabled()) {
            LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerSampleSimpleMatcher.extractValue(" + request+ "): " + value);
    }

    return value;
}
Example #22
Source File: StormRangerPlugin.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Assembles an access request for an operation on a Storm topology.
 *
 * @param _user      requesting user
 * @param _groups    the user's groups; ignored when {@code null} or empty
 * @param _clientIp  client IP address recorded on the request
 * @param _topology  topology name, set as the {@code ResourceName.Topology} resource value
 * @param _operation operation name; recorded as the action and mapped to an access type via
 *                   {@code getAccessType}
 * @return the populated request
 */
public RangerAccessRequest buildAccessRequest(String _user, String[] _groups, String _clientIp, String _topology, String _operation) {
    final RangerAccessRequestImpl request = new RangerAccessRequestImpl();
    request.setUser(_user);

    final boolean hasGroups = _groups != null && _groups.length > 0;
    if (hasGroups) {
        request.setUserGroups(Sets.newHashSet(_groups));
    }

    request.setAccessType(getAccessType(_operation));
    request.setClientIPAddress(_clientIp);
    request.setAction(_operation);

    // Describe the topology being accessed and attach it to the request.
    final RangerAccessResourceImpl topologyResource = new RangerAccessResourceImpl();
    topologyResource.setValue(ResourceName.Topology, _topology);
    request.setResource(topologyResource);

    if (LOG.isDebugEnabled()) {
        LOG.debug("Returning request: " + request.toString());
    }

    return request;
}
Example #23
Source File: RangerDefaultPolicyEvaluator.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Adds to the supplied sets the users and groups named by every policy item whose access
 * type and custom conditions match the request.
 *
 * @param request     access request the policy items are tested against
 * @param policyItems policy item evaluators to scan; may be {@code null} or empty
 * @param users       output set that receives matching items' users
 * @param groups      output set that receives matching items' groups
 */
private void getResourceAccessInfo(RangerAccessRequest request, List<? extends RangerPolicyItemEvaluator> policyItems, Set<String> users, Set<String> groups) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerDefaultPolicyEvaluator.getResourceAccessInfo(" + request + ", " + policyItems + ", " + users + ", " + groups + ")");
    }

    if (CollectionUtils.isNotEmpty(policyItems)) {
        for (RangerPolicyItemEvaluator policyItemEvaluator : policyItems) {
            final boolean applies = policyItemEvaluator.matchAccessType(request.getAccessType())
                    && policyItemEvaluator.matchCustomConditions(request);

            if (!applies) {
                continue;
            }

            if (CollectionUtils.isNotEmpty(policyItemEvaluator.getPolicyItem().getUsers())) {
                users.addAll(policyItemEvaluator.getPolicyItem().getUsers());
            }

            if (CollectionUtils.isNotEmpty(policyItemEvaluator.getPolicyItem().getGroups())) {
                groups.addAll(policyItemEvaluator.getPolicyItem().getGroups());
            }
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerDefaultPolicyEvaluator.getResourceAccessInfo(" + request + ", " + policyItems + ", " + users + ", " + groups + ")");
    }
}
Example #24
Source File: KnoxRangerPlugin.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Builds an access request from the builder's fields.
 *
 * <p>The resource is identified by service and topology. Action and access type are both
 * set to {@code AccessType.Allow}. Client IP, remote IP and forwarded addresses are copied
 * from the builder fields as given.
 *
 * @return the populated request
 */
RangerAccessRequest build() {
    // Resource: the service/topology pair being accessed.
    final RangerAccessResourceImpl target = new RangerAccessResourceImpl();
    target.setValue(ResourceName.Service, _service);
    target.setValue(ResourceName.Topology, _topology);

    // Request: who is asking, from where, for what.
    final RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl();
    accessRequest.setAction(AccessType.Allow);
    accessRequest.setAccessType(AccessType.Allow);
    accessRequest.setClientIPAddress(_clientIp);
    accessRequest.setUser(_user);
    accessRequest.setUserGroups(_groups);
    accessRequest.setResource(target);
    accessRequest.setRemoteIPAddress(_remoteIp);
    accessRequest.setForwardedAddresses(_forwardedAddresses);

    return accessRequest;
}
Example #25
Source File: RangerIpMatcher.java From ranger with Apache License 2.0 | 6 votes |
/**
 * Tests the request's client IP against the configured wildcard and exact address lists.
 *
 * <p>The result is {@code true} without inspecting the request when {@code _allowAny} is set.
 *
 * <p>NOTE(review): it is also {@code true} when no IP can be extracted from the request
 * ("implicitly matched"). A request that arrives without a client address therefore passes
 * this condition; confirm that is acceptable where the condition restricts access by source
 * address.
 *
 * @param request access request being evaluated
 * @return whether the condition is satisfied
 */
@Override
public boolean isMatched(final RangerAccessRequest request) {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> RangerIpMatcher.isMatched(" + request + ")");
    }

    boolean ipMatched = true;

    if (_allowAny) {
        LOG.debug("isMatched: allowAny flag is true. Matched!");
    } else {
        final String requestIp = extractIp(request);

        if (requestIp != null) {
            ipMatched = isWildcardMatched(_wildCardIps, requestIp) || isExactlyMatched(_exactIps, requestIp);
        } else {
            LOG.debug("isMatched: couldn't get ip address from request. Ok. Implicitly matched!");
        }
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("<== RangerIpMatcher.isMatched(" + request+ "): " + ipMatched);
    }

    return ipMatched;
}
Example #26
Source File: RangerDefaultRequestProcessor.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Fills in the service definition on the request's resource when it has none and the
 * resource is mutable; other resources are left untouched.
 *
 * @param request access request whose resource is inspected; its resource must not be
 *                {@code null}, since it is dereferenced directly
 */
private void setResourceServiceDef(RangerAccessRequest request) {
    final RangerAccessResource resource = request.getResource();

    final boolean needsServiceDef = resource.getServiceDef() == null
            && resource instanceof RangerMutableResource;

    if (needsServiceDef) {
        ((RangerMutableResource) resource).setServiceDef(policyEngine.getServiceDef());
    }
}
Example #27
Source File: RangerBasePlugin.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Evaluates access policies for the request using the current policy engine.
 *
 * <p>The {@code policyEngine} field is read once into a local, so the null check and the
 * call use the same reference.
 *
 * <p>NOTE(review): the method returns {@code null} when no policy engine is set. Callers
 * need to handle that case; treating it as "not allowed" is the safe reading. Confirm
 * against callers.
 *
 * @param request         access request to evaluate
 * @param resultProcessor processor passed through to the engine
 * @return the engine's result, or {@code null} when there is no policy engine
 */
public RangerAccessResult isAccessAllowed(RangerAccessRequest request, RangerAccessResultProcessor resultProcessor) {
    final RangerPolicyEngine engine = this.policyEngine;

    if (engine == null) {
        return null;
    }

    return engine.evaluatePolicies(request, RangerPolicy.POLICY_TYPE_ACCESS, resultProcessor);
}
Example #28
Source File: RangerIpMatcherTest.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Verifies {@code extractIp} for a null request, a request with no client address, and a
 * request with a client address.
 */
@Test
public void test_extractIp() {
    final RangerIpMatcher ipMatcher = new RangerIpMatcher();

    // A null request yields null.
    Assert.assertNull(ipMatcher.extractIp(null));

    // A request with no client address also yields null.
    final RangerAccessRequest mockedRequest = mock(RangerAccessRequest.class);
    when(mockedRequest.getClientIPAddress()).thenReturn(null);
    Assert.assertNull(ipMatcher.extractIp(mockedRequest));

    // The address is passed through as an opaque string, with no format validation.
    when(mockedRequest.getClientIPAddress()).thenReturn("anIp");
    Assert.assertEquals("anIp", ipMatcher.extractIp(mockedRequest));
}
Example #29
Source File: RangerOptimizedPolicyEvaluator.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Reports whether the requesting user is the owner of the accessed resource.
 *
 * <p>Always {@code false} when {@code hasResourceOwner} is not set, or when the user or the
 * resource owner is unknown.
 *
 * @param request access request being evaluated
 * @return {@code true} only when both user and owner are non-null and equal
 */
private boolean isOwnerMatch(RangerAccessRequest request) {
    if (!hasResourceOwner) {
        return false;
    }

    final RangerAccessResource accessedResource = request.getResource();
    final String resourceOwner = (accessedResource == null) ? null : accessedResource.getOwnerUser();
    final String user = request.getUser();

    // Both sides must be present, so two missing values never count as a match.
    return user != null && resourceOwner != null && user.equals(resourceOwner);
}
Example #30
Source File: RangerDefaultPolicyEvaluatorTest.java From ranger with Apache License 2.0 | 5 votes |
/**
 * Creates a mocked request whose context holds one entry per condition name.
 *
 * @param conditionNames names to use as context keys
 * @return a mock whose {@code getContext()} returns the populated map
 */
RangerAccessRequest createAccessRequestWithConditions(String[] conditionNames) {
    // One context entry per requested condition name.
    final Map<String, Object> contextEntries = new HashMap<String, Object>(conditionNames.length);
    for (String name : conditionNames) {
        // The value only needs to exist; the tests do not depend on its content.
        contextEntries.put(name, name + "-value");
    }

    final RangerAccessRequest mockedRequest = mock(RangerAccessRequest.class);
    when(mockedRequest.getContext()).thenReturn(contextEntries);

    return mockedRequest;
}