You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2016/03/09 20:16:12 UTC
[1/2] incubator-ranger git commit: RANGER-881: sample application and
its Ranger plugin to help understand Ranger authorization addition to an
application
Repository: incubator-ranger
Updated Branches:
refs/heads/master 13e6b9586 -> f06795e2e
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
deleted file mode 100644
index 198dc5f..0000000
--- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import java.util.Map;
-import java.util.Properties;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-/**
- * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator
- * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition:
- {
- ... service def
- ...
- "contextEnrichers": [
- {
- "itemId": 1, "name": "country-provider",
- "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider",
- "enricherOptions": { "contextName" : "COUNTRY", "dataFile":"/etc/ranger/data/userCountry.txt"}
- }
- ...
- }
-
- contextName: is used to specify the name under which the enricher would push value into context.
- For purposes of this example the default value of this parameter, if unspecified is COUNTRY. This default
- can be seen specified in <code>init()</code>.
- dataFile: is the file which contains the lookup data that this particular enricher would use to
- ascertain which value to insert into the context. For purposes of this example the default value of
- this parameter, if unspecified is /etc/ranger/data/userCountry.txt. This default can be seen specified
- in <code>init()</code>. Format of lookup data is in the form of standard java properties list.
-
- @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a>
- *
- * This Context Enricher is almost identical to another sample enricher <code>RangerSampleProjectProvider</code>.
- */
-public class RangerSampleCountryProvider extends RangerAbstractContextEnricher {
- private static final Log LOG = LogFactory.getLog(RangerSampleCountryProvider.class);
-
- private String contextName = "COUNTRY";
- private Properties userCountryMap = null;
-
- @Override
- public void init() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleCountryProvider.init(" + enricherDef + ")");
- }
-
- super.init();
-
- contextName = getOption("contextName", "COUNTRY");
-
- String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt");
-
- userCountryMap = readProperties(dataFile);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleCountryProvider.init(" + enricherDef + ")");
- }
- }
-
- @Override
- public void enrich(RangerAccessRequest request) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")");
- }
-
- if(request != null && userCountryMap != null) {
- Map<String, Object> context = request.getContext();
- String country = userCountryMap.getProperty(request.getUser());
-
- if(context != null && !StringUtils.isEmpty(country)) {
- request.getContext().put(contextName, country);
- } else {
- if(LOG.isDebugEnabled()) {
- LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country);
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
deleted file mode 100644
index d3de690..0000000
--- a/ranger-examples/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
+++ /dev/null
@@ -1,103 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.contextenricher;
-
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-import java.util.Map;
-import java.util.Properties;
-
-/**
- * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator
- * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition:
- {
- ... service def
- ...
- "contextEnrichers": [
- {
- "itemId": 1, "name": "project-provider",
- "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleProjectProvider",
- "enricherOptions": { "contextName" : "PROJECT", "dataFile":"/etc/ranger/data/userProject.txt"}
- }
- ...
- }
-
- contextName: is used to specify the name under which the enricher would push value into context.
- For purposes of this example the default value of this parameter, if unspecified is PROJECT. This default
- can be seen specified in <code>init()</code>.
- dataFile: is the file which contains the lookup data that this particular enricher would use to
- ascertain which value to insert into the context. For purposes of this example the default value of
- this parameter, if unspecified is /etc/ranger/data/userProject.txt. This default can be seen specified
- in <code>init()</code>. Format of lookup data is in the form of standard java properties list.
-
- @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a>
- */
-public class RangerSampleProjectProvider extends RangerAbstractContextEnricher {
- private static final Log LOG = LogFactory.getLog(RangerSampleProjectProvider.class);
-
- private String contextName = "PROJECT";
- private Properties userProjectMap = null;
-
- @Override
- public void init() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleProjectProvider.init(" + enricherDef + ")");
- }
-
- super.init();
-
- contextName = getOption("contextName", "PROJECT");
-
- String dataFile = getOption("dataFile", "/etc/ranger/data/userProject.txt");
-
- userProjectMap = readProperties(dataFile);
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleProjectProvider.init(" + enricherDef + ")");
- }
- }
-
- @Override
- public void enrich(RangerAccessRequest request) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")");
- }
-
- if(request != null && userProjectMap != null) {
- Map<String, Object> context = request.getContext();
- String project = userProjectMap.getProperty(request.getUser());
-
- if(context != null && !StringUtils.isEmpty(project)) {
- request.getContext().put(contextName, project);
- } else {
- if(LOG.isDebugEnabled()) {
- LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project);
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")");
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java b/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
deleted file mode 100644
index 3e683ba..0000000
--- a/ranger-examples/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
+++ /dev/null
@@ -1,139 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.conditionevaluator;
-
-
-import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-import org.junit.Assert;
-import org.junit.Test;
-import org.mockito.Mockito;
-
-import java.util.*;
-
-public class RangerSampleSimpleMatcherTest {
-
- final Map<String, String> _conditionOptions = new HashMap<String, String>();
-
- {
- _conditionOptions.put(RangerSampleSimpleMatcher.CONTEXT_NAME, RangerSampleSimpleMatcher.CONTEXT_NAME);
- }
-
- @Test
- public void testIsMatched_happyPath() {
- // this documents some unexpected behavior of the ip matcher
- RangerSampleSimpleMatcher ipMatcher = createMatcher(new String[]{"US", "C*"} );
- Assert.assertTrue(ipMatcher.isMatched(createRequest("US")));
- Assert.assertTrue(ipMatcher.isMatched(createRequest("CA")));
- Assert.assertTrue(ipMatcher.isMatched(createRequest("C---")));
- Assert.assertFalse(ipMatcher.isMatched(createRequest(" US ")));
- Assert.assertFalse(ipMatcher.isMatched(createRequest("Us")));
- Assert.assertFalse(ipMatcher.isMatched(createRequest("ca")));
- }
-
- @Test
- public void test_firewallings() {
-
- // create a request for some policyValue, say, country and use it to match against matcher initialized with all sorts of bad data
- RangerAccessRequest request = createRequest("AB");
-
- RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
- // Matcher initialized with null policy should behave sensibly! It matches everything!
- matcher.setConditionDef(null);
- matcher.setPolicyItemCondition(null);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
-
- RangerPolicyItemCondition policyItemCondition = Mockito.mock(RangerPolicyItemCondition.class);
- matcher.setConditionDef(null);
- matcher.setPolicyItemCondition(policyItemCondition);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
-
- RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
- matcher.setConditionDef(conditionDef);
- matcher.setPolicyItemCondition(null);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
-
- // so should a policy item condition with initialized with null list of values
- Mockito.when(policyItemCondition.getValues()).thenReturn(null);
- matcher.setConditionDef(conditionDef);
- matcher.setPolicyItemCondition(policyItemCondition);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
-
- // not null item condition with empty condition list
- List<String> values = new ArrayList<String>();
- Mockito.when(policyItemCondition.getValues()).thenReturn(values);
- matcher.setConditionDef(conditionDef);
- matcher.setPolicyItemCondition(policyItemCondition);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
-
- // values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check
- values.add("AB");
- Mockito.when(policyItemCondition.getValues()).thenReturn(values);
- Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(null);
- matcher.setConditionDef(conditionDef);
- matcher.setPolicyItemCondition(policyItemCondition);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
-
- // If evaluator option on the condition def is non-null then it starts to evaluate for real
- Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
- matcher.setConditionDef(conditionDef);
- matcher.setPolicyItemCondition(policyItemCondition);
- matcher.init();
- Assert.assertTrue(matcher.isMatched(request));
- }
-
- RangerSampleSimpleMatcher createMatcher(String[] ipArray) {
- RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
-
- if (ipArray == null) {
- matcher.setConditionDef(null);
- matcher.setPolicyItemCondition(null);
- matcher.init();
- } else {
- RangerPolicyItemCondition condition = Mockito.mock(RangerPolicyItemCondition.class);
- List<String> addresses = Arrays.asList(ipArray);
- Mockito.when(condition.getValues()).thenReturn(addresses);
-
- RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
-
- Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
- matcher.setConditionDef(conditionDef);
- matcher.setPolicyItemCondition(condition);
- matcher.init();
- }
-
- return matcher;
- }
-
- RangerAccessRequest createRequest(String value) {
- Map<String, Object> context = new HashMap<String, Object>();
- context.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value);
- RangerAccessRequest request = Mockito.mock(RangerAccessRequest.class);
- Mockito.when(request.getContext()).thenReturn(context);
- return request;
- }
-}
[2/2] incubator-ranger git commit: RANGER-881: sample application and
its Ranger plugin to help understand Ranger authorization addition to an
application
Posted by ma...@apache.org.
RANGER-881: sample application and its Ranger plugin to help understand Ranger authorization addition to an application
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/f06795e2
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/f06795e2
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/f06795e2
Branch: refs/heads/master
Commit: f06795e2e3ed70cc3c1970a25fa1c483a60362c2
Parents: 13e6b95
Author: Madhan Neethiraj <ma...@apache.org>
Authored: Wed Mar 9 01:31:40 2016 -0800
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Wed Mar 9 11:09:30 2016 -0800
----------------------------------------------------------------------
ranger-examples/README.txt | 74 ++++++++
ranger-examples/conditions-enrichers/pom.xml | 43 +++++
.../RangerSampleSimpleMatcher.java | 170 +++++++++++++++++++
.../RangerSampleCountryProvider.java | 105 ++++++++++++
.../RangerSampleProjectProvider.java | 103 +++++++++++
.../RangerSampleSimpleMatcherTest.java | 139 +++++++++++++++
.../dev-support/findbugsIncludeFile.xml | 25 +++
.../dev-support/ranger-pmd-ruleset.xml | 70 ++++++++
.../conf/ranger-policymgr-ssl.xml | 63 +++++++
.../conf/ranger-sampleapp-audit.xml | 79 +++++++++
.../conf/ranger-sampleapp-security.xml | 83 +++++++++
ranger-examples/plugin-sampleapp/pom.xml | 85 ++++++++++
.../ranger/examples/sampleapp/IAuthorizer.java | 28 +++
.../examples/sampleapp/RangerAuthorizer.java | 61 +++++++
ranger-examples/pom.xml | 37 ++--
ranger-examples/sampleapp/conf/log4j.xml | 65 +++++++
ranger-examples/sampleapp/pom.xml | 41 +++++
.../sampleapp/scripts/run-sampleapp.sh | 39 +++++
.../examples/sampleapp/DefaultAuthorizer.java | 36 ++++
.../ranger/examples/sampleapp/IAuthorizer.java | 28 +++
.../ranger/examples/sampleapp/SampleApp.java | 159 +++++++++++++++++
.../src/main/assembly/plugin-sampleapp.xml | 75 ++++++++
ranger-examples/src/main/assembly/sampleapp.xml | 62 +++++++
.../RangerSampleSimpleMatcher.java | 170 -------------------
.../RangerSampleCountryProvider.java | 105 ------------
.../RangerSampleProjectProvider.java | 103 -----------
.../RangerSampleSimpleMatcherTest.java | 139 ---------------
27 files changed, 1655 insertions(+), 532 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/README.txt
----------------------------------------------------------------------
diff --git a/ranger-examples/README.txt b/ranger-examples/README.txt
new file mode 100644
index 0000000..7b2387e
--- /dev/null
+++ b/ranger-examples/README.txt
@@ -0,0 +1,74 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+1. Introduction
+
+2. SampleApp
+ A simple application to demonstrate use of pluggable authorization.
+ - IAuthorizer:
+ the authorization interface. Authorizes read/write/execute access to a given file
+ - DefaultAuthorizer:
+ default authorizer implementation, authorizes all accesses
+ - SampleApp:
+ - main application that prompts the user to enter access to authorize in the following format:
+ read filePath user1 userGroup1 userGroup2 userGroup3
+ write filePath user1 userGroup1 userGroup2 userGroup3
+ execute filePath user1 userGroup1 userGroup2 userGroup3
+
+3. SampleApp Plugin
+ - RangerAuthorizer implements IAuthorizer interface and performs authorization using Ranger policies.
+ - For simplicity, uses policies in a HDFS service instance (like cl1_hadoop): which uses 'path' as the resource and supports 'read', 'write' and 'execute' accessTypes
+ - conf/ranger-sampleapp-security.xml: has configurations for plugin, like Ranger Admin URL, name of the service containing policies
+ - conf/ranger-sampleapp-audit.xml: has configurations for plugin audit, like log4j logger name, HDFS folder, DB connection details
+
+4. Build
+ $ mvn clean compile package assembly:assembly
+ $ cd ranger-examples
+ $ mvn clean compile package assembly:assembly
+ # Following files created by the build will be required to setup SampleApp:
+ target/ranger-examples-0.6.0-sampleapp.tar.gz
+ target/ranger-examples-0.6.0-sampleapp-plugin.tar.gz
+
+5. Setup SampleApp
+ # Create a empty directory to setup the application
+ $ mkdir /tmp/sampleapp
+ $ cd /tmp/sampleapp
+ $ tar xvfz ranger-examples-0.6.0-sampleapp.tar.gz
+ # add Ranger authorizer bits
+ $ tar xvfz ranger-examples-0.6.0-sampleapp-plugin.tar.gz
+ # Review and update properties in conf/ranger-sampleapp-security.xml, especially the following:
+ - ranger.plugin.sampleapp.policy.rest.url
+ - ranger.plugin.sampleapp.service.name
+ # Review and update properties in conf/ranger-sampleapp-audit.xml
+ # Review and update properties in conf/log4j.xml
+
+6. Execute
+ - Use default authorizer i.e. not Ranger:
+ $ cd /tmp/sampleapp
+ $ ./run-sampleapp.sh
+ # At the prompt, enter commands to trigger access authorization, like:
+ command> read filePath user1 userGroup1 userGroup2 userGroup3
+ command> write filePath user1 userGroup1 userGroup2 userGroup3
+ command> execute filePath user1 userGroup1 userGroup2 userGroup3
+
+ - Use Ranger authorizer
+ $ cd /tmp/sampleapp
+ $ ./run-sampleapp.sh ranger-authz
+ # At the prompt, enter commands to trigger access authorization, like:
+ command> read filePath user1 userGroup1 userGroup2 userGroup3
+ command> write filePath user1 userGroup1 userGroup2 userGroup3
+ command> execute filePath user1 userGroup1 userGroup2 userGroup3
+ # audit logs can be seen in /tmp/ranger_audit.log
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/conditions-enrichers/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/conditions-enrichers/pom.xml b/ranger-examples/conditions-enrichers/pom.xml
new file mode 100644
index 0000000..6dc8f53
--- /dev/null
+++ b/ranger-examples/conditions-enrichers/pom.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>conditions-enrichers</artifactId>
+ <name>Ranger Examples - Conditions and ContextEnrichers</name>
+ <description>Ranger Examples - Conditions and ContextEnrichers</description>
+ <parent>
+ <artifactId>ranger-examples</artifactId>
+ <groupId>org.apache.ranger</groupId>
+ <version>0.6.0</version>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.mockito</groupId>
+ <artifactId>mockito-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
new file mode 100644
index 0000000..50ecb69
--- /dev/null
+++ b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
@@ -0,0 +1,170 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.conditionevaluator;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * This is a sample implementation of a condition Evaluator. It works in conjunction with the sample context enricher
+ * <code>RangerSampleProjectProvider</code>. This is how it would be specified in the service definition:
+ {
+ ...
+ ... service definition
+ ...
+ "policyConditions": [
+ {
+ "itemId": 1,
+ "name": "user-in-project",
+ "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher",
+ "evaluatorOptions": { CONTEXT_NAME=’PROJECT’},
+ "validationRegEx":"",
+ "validationMessage": "",
+ "uiHint":"",
+ "label": "Project Matcher",
+ "description": "Projects"
+ }
+ }
+ *
+ * Name of this class is specified via the "evaluator" of the policy condition definition. Significant evaluator option
+ * for this evaluator is the CONTEXT_NAME which indicates the name under which it would look for value for the condition.
+ * It is also use to lookup the condition values specified in the policy. This example uses CONTEXT_NAME of PROJECT
+ * which matches the value under which context is enriched by its companion class <code>RangerSampleProjectProvider</code>.
+ *
+ * Note that the same Condition Evaluator can be used to process Context enrichment done by <code>RangerSampleCountryProvider</code>
+ * provided the CONTEXT_NAME evaluator option is set to COUNTRY which is same as the value used by its companion Context
+ * Enricher <code>RangerSampleCountryProvider</code>. Which serves as an example of how a single Condition Evaluator
+ * implementation can be used to model multiple policy conditions.
+ *
+ * For matching context value against policy values it uses <code>FilenameUtils.wildcardMatch()</code> which allows policy authors
+ * flexibility to specify policy conditions using wildcards. Take a look at
+ * {@link org.apache.ranger.plugin.conditionevaluator.RangerSampleSimpleMatcherTest#testIsMatched_happyPath() testIsMatched_happyPath}
+ * test for examples of what sorts of matching is afforded by this use.
+ *
+ */
+public class RangerSampleSimpleMatcher extends RangerAbstractConditionEvaluator {
+
+ private static final Log LOG = LogFactory.getLog(RangerSampleSimpleMatcher.class);
+
+ public static final String CONTEXT_NAME = "CONTEXT_NAME";
+
+ private boolean _allowAny = false;
+ private String _contextName = null;
+ private List<String> _values = new ArrayList<String>();
+
+ @Override
+ public void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleSimpleMatcher.init(" + condition + ")");
+ }
+
+ super.init();
+
+ if (condition == null) {
+ LOG.debug("init: null policy condition! Will match always!");
+ _allowAny = true;
+ } else if (conditionDef == null) {
+ LOG.debug("init: null policy condition definition! Will match always!");
+ _allowAny = true;
+ } else if (CollectionUtils.isEmpty(condition.getValues())) {
+ LOG.debug("init: empty conditions collection on policy condition! Will match always!");
+ _allowAny = true;
+ } else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
+ LOG.debug("init: Evaluator options were empty. Can't determine what value to use from context. Will match always.");
+ _allowAny = true;
+ } else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) {
+ LOG.debug("init: CONTEXT_NAME is not specified in evaluator options. Can't determine what value to use from context. Will match always.");
+ _allowAny = true;
+ } else {
+ _contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
+ for (String value : condition.getValues()) {
+ _values.add(value);
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleSimpleMatcher.init(" + condition + "): values[" + _values + "]");
+ }
+ }
+
+ @Override
+ public boolean isMatched(RangerAccessRequest request) {
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleSimpleMatcher.isMatched(" + request + ")");
+ }
+
+ boolean matched = false;
+
+ if (_allowAny) {
+ matched = true;
+ } else {
+ String requestValue = extractValue(request, _contextName);
+ if (StringUtils.isNotBlank(requestValue)) {
+ for (String policyValue : _values) {
+ if (FilenameUtils.wildcardMatch(requestValue, policyValue)) {
+ matched = true;
+ break;
+ }
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleSimpleMatcher.isMatched(" + request+ "): " + matched);
+ }
+
+ return matched;
+ }
+
+ String extractValue(final RangerAccessRequest request, String key) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleSimpleMatcher.extractValue(" + request+ ")");
+ }
+
+ String value = null;
+ if (request == null) {
+ LOG.debug("isMatched: Unexpected: null request. Returning null!");
+ } else if (request.getContext() == null) {
+ LOG.debug("isMatched: Context map of request is null. Ok. Returning null!");
+ } else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
+ LOG.debug("isMatched: Missing context on request. Ok. Condition isn't applicable. Returning null!");
+ } else if (!request.getContext().containsKey(key)) {
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
+ }
+ } else {
+ value = (String)request.getContext().get(key);
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleSimpleMatcher.extractValue(" + request+ "): " + value);
+ }
+ return value;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
new file mode 100644
index 0000000..198dc5f
--- /dev/null
+++ b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleCountryProvider.java
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher;
+
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+/**
+ * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator
+ * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition:
+ {
+ ... service def
+ ...
+ "contextEnrichers": [
+ {
+ "itemId": 1, "name": "country-provider",
+ "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleCountryProvider",
+ "enricherOptions": { "contextName" : "COUNTRY", "dataFile":"/etc/ranger/data/userCountry.txt"}
+ }
+ ...
+ }
+
+ contextName: is used to specify the name under which the enricher would push value into context.
+ For purposes of this example the default value of this parameter, if unspecified is COUNTRY. This default
+ can be seen specified in <code>init()</code>.
+ dataFile: is the file which contains the lookup data that this particular enricher would use to
+ ascertain which value to insert into the context. For purposes of this example the default value of
+ this parameter, if unspecified is /etc/ranger/data/userCountry.txt. This default can be seen specified
+ in <code>init()</code>. Format of lookup data is in the form of standard java properties list.
+
+ @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a>
+ *
+ * This Context Enricher is almost identical to another sample enricher <code>RangerSampleProjectProvider</code>.
+ */
+public class RangerSampleCountryProvider extends RangerAbstractContextEnricher {
+ private static final Log LOG = LogFactory.getLog(RangerSampleCountryProvider.class);
+
+ private String contextName = "COUNTRY";
+ private Properties userCountryMap = null;
+
+ @Override
+ public void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleCountryProvider.init(" + enricherDef + ")");
+ }
+
+ super.init();
+
+ contextName = getOption("contextName", "COUNTRY");
+
+ String dataFile = getOption("dataFile", "/etc/ranger/data/userCountry.txt");
+
+ userCountryMap = readProperties(dataFile);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleCountryProvider.init(" + enricherDef + ")");
+ }
+ }
+
+ @Override
+ public void enrich(RangerAccessRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleCountryProvider.enrich(" + request + ")");
+ }
+
+ if(request != null && userCountryMap != null) {
+ Map<String, Object> context = request.getContext();
+ String country = userCountryMap.getProperty(request.getUser());
+
+ if(context != null && !StringUtils.isEmpty(country)) {
+ request.getContext().put(contextName, country);
+ } else {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerSampleCountryProvider.enrich(): skipping due to unavailable context or country. context=" + context + "; country=" + country);
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleCountryProvider.enrich(" + request + ")");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
----------------------------------------------------------------------
diff --git a/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
new file mode 100644
index 0000000..d3de690
--- /dev/null
+++ b/ranger-examples/conditions-enrichers/src/main/java/org/apache/ranger/plugin/contextenricher/RangerSampleProjectProvider.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.contextenricher;
+
+import org.apache.commons.lang.StringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+
+import java.util.Map;
+import java.util.Properties;
+
+/**
+ * This is a sample implementation of a Context Enricher. It works in conjunction with a sample Condition Evaluator
+ * <code>RangerSampleSimpleMatcher</code>. It This is how it would be used in service definition:
+ {
+ ... service def
+ ...
+ "contextEnrichers": [
+ {
+ "itemId": 1, "name": "project-provider",
+ "enricher": "org.apache.ranger.plugin.contextenricher.RangerSampleProjectProvider",
+ "enricherOptions": { "contextName" : "PROJECT", "dataFile":"/etc/ranger/data/userProject.txt"}
+ }
+ ...
+ }
+
+ contextName: is used to specify the name under which the enricher would push value into context.
+ For purposes of this example the default value of this parameter, if unspecified is PROJECT. This default
+ can be seen specified in <code>init()</code>.
+ dataFile: is the file which contains the lookup data that this particular enricher would use to
+ ascertain which value to insert into the context. For purposes of this example the default value of
+ this parameter, if unspecified is /etc/ranger/data/userProject.txt. This default can be seen specified
+ in <code>init()</code>. Format of lookup data is in the form of standard java properties list.
+
+ @see <a href="http://docs.oracle.com/javase/6/docs/api/java/util/Properties.html#load(java.io.Reader)">Java Properties List</a>
+ */
+public class RangerSampleProjectProvider extends RangerAbstractContextEnricher {
+ private static final Log LOG = LogFactory.getLog(RangerSampleProjectProvider.class);
+
+ private String contextName = "PROJECT";
+ private Properties userProjectMap = null;
+
+ @Override
+ public void init() {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleProjectProvider.init(" + enricherDef + ")");
+ }
+
+ super.init();
+
+ contextName = getOption("contextName", "PROJECT");
+
+ String dataFile = getOption("dataFile", "/etc/ranger/data/userProject.txt");
+
+ userProjectMap = readProperties(dataFile);
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleProjectProvider.init(" + enricherDef + ")");
+ }
+ }
+
+ @Override
+ public void enrich(RangerAccessRequest request) {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("==> RangerSampleProjectProvider.enrich(" + request + ")");
+ }
+
+ if(request != null && userProjectMap != null) {
+ Map<String, Object> context = request.getContext();
+ String project = userProjectMap.getProperty(request.getUser());
+
+ if(context != null && !StringUtils.isEmpty(project)) {
+ request.getContext().put(contextName, project);
+ } else {
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("RangerSampleProjectProvider.enrich(): skipping due to unavailable context or project. context=" + context + "; project=" + project);
+ }
+ }
+ }
+
+ if(LOG.isDebugEnabled()) {
+ LOG.debug("<== RangerSampleProjectProvider.enrich(" + request + ")");
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
----------------------------------------------------------------------
diff --git a/ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java b/ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
new file mode 100644
index 0000000..3e683ba
--- /dev/null
+++ b/ranger-examples/conditions-enrichers/src/test/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcherTest.java
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.conditionevaluator;
+
+
+import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.util.*;
+
+public class RangerSampleSimpleMatcherTest {
+
+ final Map<String, String> _conditionOptions = new HashMap<String, String>();
+
+ {
+ _conditionOptions.put(RangerSampleSimpleMatcher.CONTEXT_NAME, RangerSampleSimpleMatcher.CONTEXT_NAME);
+ }
+
+ @Test
+ public void testIsMatched_happyPath() {
+ // this documents some unexpected behavior of the ip matcher
+ RangerSampleSimpleMatcher ipMatcher = createMatcher(new String[]{"US", "C*"} );
+ Assert.assertTrue(ipMatcher.isMatched(createRequest("US")));
+ Assert.assertTrue(ipMatcher.isMatched(createRequest("CA")));
+ Assert.assertTrue(ipMatcher.isMatched(createRequest("C---")));
+ Assert.assertFalse(ipMatcher.isMatched(createRequest(" US ")));
+ Assert.assertFalse(ipMatcher.isMatched(createRequest("Us")));
+ Assert.assertFalse(ipMatcher.isMatched(createRequest("ca")));
+ }
+
+ @Test
+ public void test_firewallings() {
+
+ // create a request for some policyValue, say, country and use it to match against matcher initialized with all sorts of bad data
+ RangerAccessRequest request = createRequest("AB");
+
+ RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
+ // Matcher initialized with null policy should behave sensibly! It matches everything!
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+
+ RangerPolicyItemCondition policyItemCondition = Mockito.mock(RangerPolicyItemCondition.class);
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+
+ RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+
+ // so should a policy item condition with initialized with null list of values
+ Mockito.when(policyItemCondition.getValues()).thenReturn(null);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+
+ // not null item condition with empty condition list
+ List<String> values = new ArrayList<String>();
+ Mockito.when(policyItemCondition.getValues()).thenReturn(values);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+
+ // values as sensible items in it, however, the conditionDef has null evaluator option, so that too suppresses any check
+ values.add("AB");
+ Mockito.when(policyItemCondition.getValues()).thenReturn(values);
+ Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(null);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+
+ // If evaluator option on the condition def is non-null then it starts to evaluate for real
+ Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(policyItemCondition);
+ matcher.init();
+ Assert.assertTrue(matcher.isMatched(request));
+ }
+
+ RangerSampleSimpleMatcher createMatcher(String[] ipArray) {
+ RangerSampleSimpleMatcher matcher = new RangerSampleSimpleMatcher();
+
+ if (ipArray == null) {
+ matcher.setConditionDef(null);
+ matcher.setPolicyItemCondition(null);
+ matcher.init();
+ } else {
+ RangerPolicyItemCondition condition = Mockito.mock(RangerPolicyItemCondition.class);
+ List<String> addresses = Arrays.asList(ipArray);
+ Mockito.when(condition.getValues()).thenReturn(addresses);
+
+ RangerPolicyConditionDef conditionDef = Mockito.mock(RangerPolicyConditionDef.class);
+
+ Mockito.when(conditionDef.getEvaluatorOptions()).thenReturn(_conditionOptions);
+ matcher.setConditionDef(conditionDef);
+ matcher.setPolicyItemCondition(condition);
+ matcher.init();
+ }
+
+ return matcher;
+ }
+
+ RangerAccessRequest createRequest(String value) {
+ Map<String, Object> context = new HashMap<String, Object>();
+ context.put(RangerSampleSimpleMatcher.CONTEXT_NAME, value);
+ RangerAccessRequest request = Mockito.mock(RangerAccessRequest.class);
+ Mockito.when(request.getContext()).thenReturn(context);
+ return request;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/dev-support/findbugsIncludeFile.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/dev-support/findbugsIncludeFile.xml b/ranger-examples/dev-support/findbugsIncludeFile.xml
new file mode 100644
index 0000000..8623906
--- /dev/null
+++ b/ranger-examples/dev-support/findbugsIncludeFile.xml
@@ -0,0 +1,25 @@
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<FindBugsFilter>
+ <!--
+ For now, lets find only critical bugs from static code analyzer
+ -->
+ <Match>
+ <Bug Rank="1" />
+ </Match>
+
+</FindBugsFilter>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/dev-support/ranger-pmd-ruleset.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/dev-support/ranger-pmd-ruleset.xml b/ranger-examples/dev-support/ranger-pmd-ruleset.xml
new file mode 100644
index 0000000..741601e
--- /dev/null
+++ b/ranger-examples/dev-support/ranger-pmd-ruleset.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<ruleset name="ranger-pmd" xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 http://pmd.sourceforge.net/ruleset_2_0_0.xsd">
+ <description>
+ Apache Ranger - PMD rule set
+ </description>
+
+ <rule ref="rulesets/java/basic.xml">
+ <exclude name="AvoidBranchingStatementAsLastInLoop" />
+ <exclude name="AvoidThreadGroup" />
+ <exclude name="AvoidUsingHardCodedIP" />
+ <exclude name="BooleanInstantiation" />
+ <exclude name="ClassCastExceptionWithToArray" />
+ <exclude name="CollapsibleIfStatements" />
+ <exclude name="DoubleCheckedLocking" />
+ <exclude name="ExtendsObject" />
+ <exclude name="OverrideBothEqualsAndHashcode" />
+ </rule>
+ <rule ref="rulesets/java/unusedcode.xml">
+ <exclude name="UnusedFormalParameter" />
+ <exclude name="UnusedLocalVariable" />
+ <exclude name="UnusedModifier" />
+ <exclude name="UnusedPrivateField" />
+ <exclude name="UnusedPrivateMethod" />
+ </rule>
+ <rule ref="rulesets/java/imports.xml" >
+ <exclude name="ImportFromSamePackage" />
+ <exclude name="UnnecessaryFullyQualifiedName" />
+ </rule>
+ <rule ref="rulesets/java/braces.xml">
+ <exclude name="ForLoopsMustUseBraces" />
+ <exclude name="IfElseStmtsMustUseBraces" />
+ <exclude name="IfStmtsMustUseBraces" />
+ </rule>
+ <rule ref="rulesets/java/empty.xml">
+ <exclude name="EmptyCatchBlock" />
+ <exclude name="EmptyIfStmt" />
+ <exclude name="EmptyStatementNotInLoop" />
+ <exclude name="EmptyWhileStmt" />
+ </rule>
+ <rule ref="rulesets/java/migrating.xml" />
+ <rule ref="rulesets/java/unnecessary.xml">
+ <exclude name="UnnecessaryConversionTemporary" />
+ <exclude name="UnnecessaryReturn" />
+ <exclude name="UnusedNullCheckInEquals" />
+ <exclude name="UselessOverridingMethod" />
+ <exclude name="UselessParentheses" />
+ <exclude name="UnnecessaryFinalModifier" />
+ </rule>
+
+</ruleset>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml b/ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
new file mode 100644
index 0000000..964aac7
--- /dev/null
+++ b/ranger-examples/plugin-sampleapp/conf/ranger-policymgr-ssl.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <!-- The following properties are used for 2-way SSL client server validation -->
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore</name>
+ <value>hadoopdev-clientcert.jks</value>
+ <description>
+ Java Keystore files
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.password</name>
+ <value>none</value>
+ <description>
+ password for keystore
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore</name>
+ <value>cacerts-xasecure.jks</value>
+ <description>
+ java truststore file
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.password</name>
+ <value>none</value>
+ <description>
+ java truststore password
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.keystore.credential.file</name>
+ <value>jceks://file/tmp/keystore-hadoopdev-ssl.jceks</value>
+ <description>
+ java keystore credential file
+ </description>
+ </property>
+ <property>
+ <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
+ <value>jceks://file/tmp/truststore-hadoopdev-ssl.jceks</value>
+ <description>
+ java truststore credential file
+ </description>
+ </property>
+</configuration>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-audit.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-audit.xml b/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-audit.xml
new file mode 100644
index 0000000..5b19063
--- /dev/null
+++ b/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-audit.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <!-- DB audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.db</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.db.jdbc.driver</name>
+ <value>com.mysql.jdbc.Driver</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.db.jdbc.url</name>
+ <value>jdbc:mysql://localhost/ranger_audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.db.password</name>
+ <value>rangerlogger</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.db.user</name>
+ <value>rangerlogger</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.db.batch.filespool.dir</name>
+ <value>/tmp/audit/db/spool</value>
+ </property>
+
+
+ <!-- HDFS audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.hdfs</name>
+ <value>false</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.dir</name>
+ <value>hdfs://localhost:8020/ranger/audit</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.hdfs.batch.filespool.dir</name>
+ <value>/tmp/audit/hdfs/spool</value>
+ </property>
+
+
+ <!-- Log4j audit provider configuration -->
+ <property>
+ <name>xasecure.audit.destination.log4j</name>
+ <value>true</value>
+ </property>
+
+ <property>
+ <name>xasecure.audit.destination.log4j.logger</name>
+ <value>ranger_audit_logger</value>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-security.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-security.xml b/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-security.xml
new file mode 100644
index 0000000..befcea7
--- /dev/null
+++ b/ranger-examples/plugin-sampleapp/conf/ranger-sampleapp-security.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<configuration xmlns:xi="http://www.w3.org/2001/XInclude">
+ <property>
+ <name>ranger.plugin.sampleapp.policy.rest.url</name>
+ <value>http://localhost:6080</value>
+ <description>
+ URL to Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.service.name</name>
+ <value>cl1_hadoop</value>
+ <description>
+ Name of the Ranger service containing policies for this SampleApp instance
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.policy.source.impl</name>
+ <value>org.apache.ranger.admin.client.RangerAdminRESTClient</value>
+ <description>
+ Class to retrieve policies from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.policy.rest.ssl.config.file</name>
+ <value>ranger-policymgr-ssl.xml</value>
+ <description>
+ Path to the file containing SSL details to contact Ranger Admin
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.policy.pollIntervalMs</name>
+ <value>30000</value>
+ <description>
+ How often to poll for changes in policies?
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.policy.cache.dir</name>
+ <value>/tmp</value>
+ <description>
+ Directory where Ranger policies are cached after successful retrieval from the source
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.policy.rest.client.connection.timeoutMs</name>
+ <value>120000</value>
+ <description>
+ RangerRestClient Connection Timeout in Milli Seconds
+ </description>
+ </property>
+
+ <property>
+ <name>ranger.plugin.sampleapp.policy.rest.client.read.timeoutMs</name>
+ <value>30000</value>
+ <description>
+ RangerRestClient read Timeout in Milli Seconds
+ </description>
+ </property>
+</configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/plugin-sampleapp/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/plugin-sampleapp/pom.xml b/ranger-examples/plugin-sampleapp/pom.xml
new file mode 100644
index 0000000..5520120
--- /dev/null
+++ b/ranger-examples/plugin-sampleapp/pom.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>ranger-sampleapp-plugin</artifactId>
+ <name>Ranger Examples - Ranger Plugin for SampleApp</name>
+ <description>Ranger Examples - SampleApp</description>
+ <packaging>jar</packaging>
+ <parent>
+ <artifactId>ranger-examples</artifactId>
+ <groupId>org.apache.ranger</groupId>
+ <version>0.6.0</version>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-common</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.ranger</groupId>
+ <artifactId>ranger-plugins-audit</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.hadoop</groupId>
+ <artifactId>hadoop-common</artifactId>
+ <version>${hadoop-common.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-configuration</groupId>
+ <artifactId>commons-configuration</artifactId>
+ <version>${commons.configuration.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-lang</groupId>
+ <artifactId>commons-lang</artifactId>
+ <version>${commons.lang.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.jersey</groupId>
+ <artifactId>jersey-bundle</artifactId>
+ <version>${jersey-bundle.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-jaxrs</artifactId>
+ <version>${codehaus.jackson.storm.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-core-asl</artifactId>
+ <version>${codehaus.jackson.storm.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.jackson</groupId>
+ <artifactId>jackson-xc</artifactId>
+ <version>${codehaus.jackson.storm.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>com.google.code.gson</groupId>
+ <artifactId>gson</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>com.google.guava</groupId>
+ <artifactId>guava</artifactId>
+ <version>${google.guava.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java b/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java
new file mode 100644
index 0000000..f5dd9cb
--- /dev/null
+++ b/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.examples.sampleapp;
+
+import java.util.Set;
+
+interface IAuthorizer {
+ void init();
+
+ boolean authorize(String fileName, String accessType, String user, Set<String> userGroups);
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java b/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java
new file mode 100644
index 0000000..e35dce1
--- /dev/null
+++ b/ranger-examples/plugin-sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/RangerAuthorizer.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.examples.sampleapp;
+
+import java.util.Set;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
+import org.apache.ranger.plugin.service.RangerBasePlugin;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
+import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResult;
+
+public class RangerAuthorizer implements IAuthorizer {
+ private static volatile RangerBasePlugin plugin = null;
+
+ public RangerAuthorizer() {
+
+ }
+
+ public void init() {
+ if(plugin == null) {
+ synchronized (RangerAuthorizer.class) {
+ if(plugin == null) {
+ plugin = new RangerBasePlugin("sampleapp", "sampleapp");
+
+ plugin.setResultProcessor(new RangerDefaultAuditHandler());
+
+ plugin.init();
+ }
+ }
+ }
+ }
+
+ public boolean authorize(String fileName, String accessType, String user, Set<String> userGroups) {
+ RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
+ resource.setValue("path", fileName); // "path" must be a valud resource name in servicedef JSON
+
+ RangerAccessRequest request = new RangerAccessRequestImpl(resource, accessType, user, userGroups);
+
+ RangerAccessResult result = plugin.isAccessAllowed(request);
+
+ return result != null && result.getIsAllowed();
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/pom.xml b/ranger-examples/pom.xml
index 37e9d68..8648b83 100644
--- a/ranger-examples/pom.xml
+++ b/ranger-examples/pom.xml
@@ -23,19 +23,26 @@
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>ranger-examples</artifactId>
- <dependencies>
- <dependency>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </dependency>
- <dependency>
- <groupId>org.mockito</groupId>
- <artifactId>mockito-core</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.ranger</groupId>
- <artifactId>ranger-plugins-common</artifactId>
- <version>${project.version}</version>
- </dependency>
- </dependencies>
+ <packaging>pom</packaging>
+ <modules>
+ <module>conditions-enrichers</module>
+ <module>sampleapp</module>
+ <module>plugin-sampleapp</module>
+ </modules>
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <artifactId>maven-assembly-plugin</artifactId>
+ <version>2.2-beta-5</version>
+ <configuration>
+ <descriptors>
+ <descriptor>src/main/assembly/sampleapp.xml</descriptor>
+ <descriptor>src/main/assembly/plugin-sampleapp.xml</descriptor>
+ </descriptors>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/sampleapp/conf/log4j.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/sampleapp/conf/log4j.xml b/ranger-examples/sampleapp/conf/log4j.xml
new file mode 100644
index 0000000..d475b91
--- /dev/null
+++ b/ranger-examples/sampleapp/conf/log4j.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
+ <appender name="console_appender" class="org.apache.log4j.ConsoleAppender">
+ <param name="target" value="System.out" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="[%p]: %m%n" />
+ </layout>
+ </appender>
+
+ <appender name="sampleapp_log_appender" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="file" value="/tmp/sampleapp.log" />
+ <param name="datePattern" value="'.'yyyy-MM-dd" />
+ <param name="append" value="true" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%d [%t] %-5p %C{6} (%F:%L) - %m%n" />
+ </layout>
+ </appender>
+
+ <appender name="ranger_audit_appender" class="org.apache.log4j.DailyRollingFileAppender">
+ <param name="file" value="/tmp/sampleapp-ranger_audit.log" />
+ <param name="datePattern" value="'.'yyyy-MM-dd" />
+ <param name="append" value="true" />
+ <layout class="org.apache.log4j.PatternLayout">
+ <param name="ConversionPattern" value="%m%n" />
+ </layout>
+ </appender>
+
+ <category name="org.apache.ranger.examples.sampleapp" additivity="false">
+ <priority value="info" />
+ <appender-ref ref="console_appender" />
+ </category>
+
+ <category name="org.apache.ranger" additivity="false">
+ <priority value="info" />
+ <appender-ref ref="sampleapp_log_appender" />
+ </category>
+
+ <category name="ranger_audit_logger">
+ <level value="info" />
+ <appender-ref ref="ranger_audit_appender" />
+ </category>
+
+ <root>
+ <priority value="warn" />
+ <appender-ref ref="sampleapp_log_appender" />
+ </root>
+</log4j:configuration>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/sampleapp/pom.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/sampleapp/pom.xml b/ranger-examples/sampleapp/pom.xml
new file mode 100644
index 0000000..28fa94e
--- /dev/null
+++ b/ranger-examples/sampleapp/pom.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>sampleapp</artifactId>
+ <name>Ranger Examples - SampleApp</name>
+ <description>Ranger Examples - SampleApp</description>
+ <packaging>jar</packaging>
+ <parent>
+ <artifactId>ranger-examples</artifactId>
+ <groupId>org.apache.ranger</groupId>
+ <version>0.6.0</version>
+ </parent>
+ <dependencies>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>${commons.logging.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>${log4j.version}</version>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/sampleapp/scripts/run-sampleapp.sh
----------------------------------------------------------------------
diff --git a/ranger-examples/sampleapp/scripts/run-sampleapp.sh b/ranger-examples/sampleapp/scripts/run-sampleapp.sh
new file mode 100755
index 0000000..028b531
--- /dev/null
+++ b/ranger-examples/sampleapp/scripts/run-sampleapp.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+AUTHORIZER_TYPE=$1
+
+
+JARS=
+for i in lib/*.jar conf
+do
+ JARS="${JARS}:$i"
+done
+
+if [ "${AUTHORIZER_TYPE}" == "ranger-authz" ]
+then
+ AUTHORIZER_ARG="-Dsampleapp.authorizer=org.apache.ranger.examples.sampleapp.RangerAuthorizer"
+ for i in lib/ranger-sampleapp-plugin-impl/*.jar
+ do
+ JARS="${JARS}:$i"
+ done
+fi
+
+CLASSPATH=$CLASSPATH:$JARS
+
+java -cp ${CLASSPATH} ${AUTHORIZER_ARG} org.apache.ranger.examples.sampleapp.SampleApp
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/DefaultAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/DefaultAuthorizer.java b/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/DefaultAuthorizer.java
new file mode 100644
index 0000000..a238da6
--- /dev/null
+++ b/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/DefaultAuthorizer.java
@@ -0,0 +1,36 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.examples.sampleapp;
+
+import java.util.Set;
+
+public class DefaultAuthorizer implements IAuthorizer {
+ public DefaultAuthorizer() {
+
+ }
+
+ public void init() {
+
+ }
+
+ public boolean authorize(String fileName, String accessType, String user, Set<String> userGroups) {
+ return true;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java
----------------------------------------------------------------------
diff --git a/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java b/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java
new file mode 100644
index 0000000..f5dd9cb
--- /dev/null
+++ b/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/IAuthorizer.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.examples.sampleapp;
+
+import java.util.Set;
+
+interface IAuthorizer {
+ void init();
+
+ boolean authorize(String fileName, String accessType, String user, Set<String> userGroups);
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/SampleApp.java
----------------------------------------------------------------------
diff --git a/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/SampleApp.java b/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/SampleApp.java
new file mode 100644
index 0000000..93d74a9
--- /dev/null
+++ b/ranger-examples/sampleapp/src/main/java/org/apache/ranger/examples/sampleapp/SampleApp.java
@@ -0,0 +1,159 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.examples.sampleapp;
+
+import java.util.HashSet;
+import java.util.Scanner;
+import java.util.Set;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class SampleApp {
+ private static final Log LOG = LogFactory.getLog(SampleApp.class);
+
+ private static final Set<String> VALID_ACCESS_TYPES = new HashSet<String>();
+
+ private IAuthorizer authorizer = null;
+
+ public static void main(String[] args) {
+ SampleApp app = new SampleApp();
+
+ app.init();
+
+ app.run();
+ }
+
+ public void init() {
+ VALID_ACCESS_TYPES.add("read");
+ VALID_ACCESS_TYPES.add("write");
+ VALID_ACCESS_TYPES.add("execute");
+
+ authorizer = createAuthorizer();
+ }
+
+ public void run() {
+ LOG.debug("==> SampleApp.run()");
+
+ do {
+ String input = getInput();
+
+ if(input == null) {
+ break;
+ }
+
+ if(input.trim().isEmpty()) {
+ continue;
+ }
+
+ String[] args = input.split("\\s+");
+ String accessType = getStringArg(args, 0);
+ String fileName = getStringArg(args, 1);
+ String userName = getStringArg(args, 2);
+ Set<String> userGroups = new HashSet<String>();
+
+ for(int i = 3; i < args.length; i++) {
+ userGroups.add(args[i]);
+ }
+
+ if(fileName == null || accessType == null || userName == null) {
+ LOG.info("Insufficient arguments. Usage: <accessType> <fileName> <userName> [userGroup1 userGroup2 userGroup3 ..]");
+
+ continue;
+ }
+
+ if(! VALID_ACCESS_TYPES.contains(accessType)) {
+ LOG.info(accessType + ": invalid accessType");
+
+ continue;
+ }
+
+ if(authorizer.authorize(fileName, accessType, userName, userGroups)) {
+ LOG.info("Authorized!");
+ } else {
+ LOG.info("Not authorized!");
+ }
+ } while(true);
+
+ LOG.debug("<== SampleApp.run()");
+ }
+
+ private IAuthorizer createAuthorizer() {
+ IAuthorizer ret = null;
+
+ String authzClassName = System.getProperty("sampleapp.authorizer");
+
+ if(authzClassName != null) {
+ try {
+ Class<IAuthorizer> clz = (Class<IAuthorizer>) Class.forName(authzClassName);
+
+ ret = clz.newInstance();
+ } catch(Exception excp) {
+ LOG.warn("Failed to create authorizer of type '" + authzClassName + "'", excp);
+ }
+ }
+
+ if(ret == null) {
+ LOG.info("Using default authorizer");
+ ret = new DefaultAuthorizer();
+ }
+
+ ret.init();
+
+ return ret;
+ }
+
+ private String getStringArg(String[] args, int index) {
+ if(args == null || args.length <= index) {
+ return null;
+ }
+
+ return args[index];
+ }
+
+ private Set<String> getStringSetArg(String[] args, int index) {
+ String argValue = getStringArg(args, index);
+
+ if(argValue == null) {
+ return null;
+ }
+
+ Set<String> ret = new HashSet<String>();
+
+ for(String value : argValue.split(",")) {
+ ret.add(value);
+ }
+
+ return ret;
+ }
+
+ private String getInput() {
+ Scanner inputReader = new Scanner(System.in);
+
+ System.out.print("command> ");
+ System.out.flush();
+ try {
+ return inputReader.nextLine();
+ } catch(Exception excp) {
+ // ignore
+ }
+
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/assembly/plugin-sampleapp.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/assembly/plugin-sampleapp.xml b/ranger-examples/src/main/assembly/plugin-sampleapp.xml
new file mode 100644
index 0000000..de6b9a1
--- /dev/null
+++ b/ranger-examples/src/main/assembly/plugin-sampleapp.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>sampleapp-plugin</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-ranger-sampleapp-plugin</baseDirectory>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <moduleSets>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/lib/ranger-sampleapp-plugin-impl</outputDirectory>
+ <includes>
+ <include>org.apache.ranger:ranger-plugins-common</include>
+ <include>org.apache.ranger:ranger-plugins-audit</include>
+ <include>org.apache.httpcomponents:httpmime:jar:${httpcomponent.httpmime.version}</include>
+ <include>org.noggit:noggit:jar:${noggit.version}</include>
+ <include>org.apache.hadoop:hadoop-common:jar:${hadoop-common.version}</include>
+ <include>org.apache.hadoop:hadoop-auth:jar:${hadoop-common.version}</include>
+ <include>commons-collections:commons-collections</include>
+ <include>commons-configuration:commons-configuration:jar:${commons.configuration.version}</include>
+ <include>commons-logging:commons-logging:jar:${commons.logging.version}</include>
+ <include>commons-io:commons-io:jar:${commons.io.version}</include>
+ <include>commons-lang:commons-lang:jar:${commons.lang.version}</include>
+ <include>com.google.guava:guava:jar:${google.guava.version}</include>
+ <include>org.codehaus.jackson:jackson-jaxrs:jar:${codehaus.jackson.storm.version}</include>
+ <include>org.codehaus.jackson:jackson-core-asl:jar:${codehaus.jackson.storm.version}</include>
+ <include>org.codehaus.jackson:jackson-mapper-asl:jar:${codehaus.jackson.storm.version}</include>
+ <include>org.codehaus.jackson:jackson-xc:jar:${codehaus.jackson.storm.version}</include>
+ <include>com.google.guava:guava:jar:${google.guava.version}</include>
+ <include>org.slf4j:slf4j-api</include>
+ <include>log4j:log4j</include>
+ <include>com.sun.jersey:jersey-bundle</include>
+ <include>com.google.code.gson:gson</include>
+ </includes>
+ <unpack>false</unpack>
+ </dependencySet>
+ </dependencySets>
+ <outputDirectory>/lib/ranger-sampleapp-plugin-impl</outputDirectory>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ </binaries>
+ <includes>
+ <include>org.apache.ranger:ranger-sampleapp-plugin</include>
+ </includes>
+ </moduleSet>
+ </moduleSets>
+ <fileSets>
+ <fileSet>
+ <outputDirectory>/conf</outputDirectory>
+ <directory>plugin-sampleapp/conf</directory>
+ <fileMode>644</fileMode>
+ </fileSet>
+ </fileSets>
+</assembly>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/assembly/sampleapp.xml
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/assembly/sampleapp.xml b/ranger-examples/src/main/assembly/sampleapp.xml
new file mode 100644
index 0000000..56d43b5
--- /dev/null
+++ b/ranger-examples/src/main/assembly/sampleapp.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<assembly>
+ <id>sampleapp</id>
+ <formats>
+ <format>tar.gz</format>
+ </formats>
+ <baseDirectory>${project.name}-${project.version}-sampleapp</baseDirectory>
+ <includeBaseDirectory>false</includeBaseDirectory>
+ <moduleSets>
+ <moduleSet>
+ <binaries>
+ <includeDependencies>false</includeDependencies>
+ <dependencySets>
+ <dependencySet>
+ <outputDirectory>/lib/</outputDirectory>
+ <includes>
+ </includes>
+ <unpack>false</unpack>
+ </dependencySet>
+ </dependencySets>
+ <unpack>false</unpack>
+ <directoryMode>755</directoryMode>
+ <fileMode>644</fileMode>
+ <outputDirectory>/lib/</outputDirectory>
+ </binaries>
+ <includes>
+ <include>org.apache.ranger:sampleapp</include>
+ </includes>
+ </moduleSet>
+ </moduleSets>
+ <fileSets>
+ <fileSet>
+ <outputDirectory>/</outputDirectory>
+ <directory>sampleapp/scripts</directory>
+ <includes>
+ <include>*.sh</include>
+ </includes>
+ <fileMode>755</fileMode>
+ </fileSet>
+ <fileSet>
+ <outputDirectory>/conf</outputDirectory>
+ <directory>sampleapp/conf</directory>
+ <fileMode>644</fileMode>
+ </fileSet>
+ </fileSets>
+</assembly>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/f06795e2/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
----------------------------------------------------------------------
diff --git a/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java b/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
deleted file mode 100644
index 50ecb69..0000000
--- a/ranger-examples/src/main/java/org/apache/ranger/plugin/conditionevaluator/RangerSampleSimpleMatcher.java
+++ /dev/null
@@ -1,170 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.conditionevaluator;
-
-import org.apache.commons.collections.CollectionUtils;
-import org.apache.commons.collections.MapUtils;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
-
-import java.util.ArrayList;
-import java.util.List;
-
-/**
- * This is a sample implementation of a condition Evaluator. It works in conjunction with the sample context enricher
- * <code>RangerSampleProjectProvider</code>. This is how it would be specified in the service definition:
- {
- ...
- ... service definition
- ...
- "policyConditions": [
- {
- "itemId": 1,
- "name": "user-in-project",
- "evaluator": "org.apache.ranger.plugin.conditionevaluator.RangerSimpleMatcher",
- "evaluatorOptions": { CONTEXT_NAME=’PROJECT’},
- "validationRegEx":"",
- "validationMessage": "",
- "uiHint":"",
- "label": "Project Matcher",
- "description": "Projects"
- }
- }
- *
- * Name of this class is specified via the "evaluator" of the policy condition definition. Significant evaluator option
- * for this evaluator is the CONTEXT_NAME which indicates the name under which it would look for value for the condition.
- * It is also use to lookup the condition values specified in the policy. This example uses CONTEXT_NAME of PROJECT
- * which matches the value under which context is enriched by its companion class <code>RangerSampleProjectProvider</code>.
- *
- * Note that the same Condition Evaluator can be used to process Context enrichment done by <code>RangerSampleCountryProvider</code>
- * provided the CONTEXT_NAME evaluator option is set to COUNTRY which is same as the value used by its companion Context
- * Enricher <code>RangerSampleCountryProvider</code>. Which serves as an example of how a single Condition Evaluator
- * implementation can be used to model multiple policy conditions.
- *
- * For matching context value against policy values it uses <code>FilenameUtils.wildcardMatch()</code> which allows policy authors
- * flexibility to specify policy conditions using wildcards. Take a look at
- * {@link org.apache.ranger.plugin.conditionevaluator.RangerSampleSimpleMatcherTest#testIsMatched_happyPath() testIsMatched_happyPath}
- * test for examples of what sorts of matching is afforded by this use.
- *
- */
-public class RangerSampleSimpleMatcher extends RangerAbstractConditionEvaluator {
-
- private static final Log LOG = LogFactory.getLog(RangerSampleSimpleMatcher.class);
-
- public static final String CONTEXT_NAME = "CONTEXT_NAME";
-
- private boolean _allowAny = false;
- private String _contextName = null;
- private List<String> _values = new ArrayList<String>();
-
- @Override
- public void init() {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleSimpleMatcher.init(" + condition + ")");
- }
-
- super.init();
-
- if (condition == null) {
- LOG.debug("init: null policy condition! Will match always!");
- _allowAny = true;
- } else if (conditionDef == null) {
- LOG.debug("init: null policy condition definition! Will match always!");
- _allowAny = true;
- } else if (CollectionUtils.isEmpty(condition.getValues())) {
- LOG.debug("init: empty conditions collection on policy condition! Will match always!");
- _allowAny = true;
- } else if (MapUtils.isEmpty(conditionDef.getEvaluatorOptions())) {
- LOG.debug("init: Evaluator options were empty. Can't determine what value to use from context. Will match always.");
- _allowAny = true;
- } else if (StringUtils.isEmpty(conditionDef.getEvaluatorOptions().get(CONTEXT_NAME))) {
- LOG.debug("init: CONTEXT_NAME is not specified in evaluator options. Can't determine what value to use from context. Will match always.");
- _allowAny = true;
- } else {
- _contextName = conditionDef.getEvaluatorOptions().get(CONTEXT_NAME);
- for (String value : condition.getValues()) {
- _values.add(value);
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleSimpleMatcher.init(" + condition + "): values[" + _values + "]");
- }
- }
-
- @Override
- public boolean isMatched(RangerAccessRequest request) {
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleSimpleMatcher.isMatched(" + request + ")");
- }
-
- boolean matched = false;
-
- if (_allowAny) {
- matched = true;
- } else {
- String requestValue = extractValue(request, _contextName);
- if (StringUtils.isNotBlank(requestValue)) {
- for (String policyValue : _values) {
- if (FilenameUtils.wildcardMatch(requestValue, policyValue)) {
- matched = true;
- break;
- }
- }
- }
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleSimpleMatcher.isMatched(" + request+ "): " + matched);
- }
-
- return matched;
- }
-
- String extractValue(final RangerAccessRequest request, String key) {
- if(LOG.isDebugEnabled()) {
- LOG.debug("==> RangerSampleSimpleMatcher.extractValue(" + request+ ")");
- }
-
- String value = null;
- if (request == null) {
- LOG.debug("isMatched: Unexpected: null request. Returning null!");
- } else if (request.getContext() == null) {
- LOG.debug("isMatched: Context map of request is null. Ok. Returning null!");
- } else if (CollectionUtils.isEmpty(request.getContext().entrySet())) {
- LOG.debug("isMatched: Missing context on request. Ok. Condition isn't applicable. Returning null!");
- } else if (!request.getContext().containsKey(key)) {
- if (LOG.isDebugEnabled()) {
- LOG.debug("isMatched: Unexpected: Context did not have data for condition[" + key + "]. Returning null!");
- }
- } else {
- value = (String)request.getContext().get(key);
- }
-
- if(LOG.isDebugEnabled()) {
- LOG.debug("<== RangerSampleSimpleMatcher.extractValue(" + request+ "): " + value);
- }
- return value;
- }
-}