You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@atlas.apache.org by sh...@apache.org on 2016/05/20 17:57:20 UTC
[2/3] incubator-atlas git commit: ATLAS-495 Atlas Ranger
Authorization Plugin (nixonrodrigues via shwethags)
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java b/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
new file mode 100644
index 0000000..8b27e2e
--- /dev/null
+++ b/authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java
@@ -0,0 +1,208 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.atlas.authorize.simple;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.Map;
+
+import org.apache.atlas.authorize.*;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testng.AssertJUnit;
+import org.testng.annotations.Test;
+
+public class SimpleAtlasAuthorizerTest {
+
+ private static Logger LOG = LoggerFactory
+ .getLogger(SimpleAtlasAuthorizerTest.class);
+
+ @Test
+ public void testAccessAllowedForUserAndGroup() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:*abc,type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
+
+ Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "xsdfhjabc";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr1";
+
+ Set<String> userGroups = new HashSet<String>();
+ userGroups.add("grp3");
+ try {
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+ resource, action, user, userGroups);
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+ .getAtlasAuthorizer();
+
+ authorizer
+ .setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ // getUserReadMap
+ AssertJUnit.assertEquals(true, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+ }
+
+ }
+
+ @Test
+ public void testAccessAllowedForGroup() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // creating group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
+
+ Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "PII";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr3";
+ Set<String> userGroups = new HashSet<String>();
+ userGroups.add("grp1");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+ resource, action, user, userGroups);
+ try {
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+ .getAtlasAuthorizer();
+ authorizer
+ .setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ AssertJUnit.assertEquals(true, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+
+ }
+
+ }
+
+ @Test
+ public void testResourceNotAvailableInPolicy() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
+
+ Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "abc";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr1";
+ Set<String> userGroups = new HashSet<String>();
+ userGroups.add("grp1");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+ resource, action, user, userGroups);
+ try {
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+ .getAtlasAuthorizer();
+ authorizer
+ .setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ AssertJUnit.assertEquals(false, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+ }
+
+ }
+
+ @Test
+ public void testAccessNotAllowedForUserAndGroup() {
+
+ Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
+ Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
+ List<String> policies = new ArrayList<String>();
+ policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
+
+ List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
+ PolicyUtil policyUtil = new PolicyUtil();
+ // group read map
+ groupReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
+ // creating user readMap
+ userReadMap = policyUtil.createPermissionMap(policyDefs,
+ AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
+
+ Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
+ resourceType.add(AtlasResourceTypes.TYPE);
+ String resource = "PII";
+ AtlasActionTypes action = AtlasActionTypes.READ;
+ String user = "usr3";
+ Set<String> userGroups = new HashSet<String>();
+ userGroups.add("grp3");
+ AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+ resource, action, user, userGroups);
+ try {
+ SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+ .getAtlasAuthorizer();
+ authorizer
+ .setResourcesForTesting(userReadMap, groupReadMap, action);
+
+ boolean isAccessAllowed = authorizer.isAccessAllowed(request);
+ AssertJUnit.assertEquals(false, isAccessAllowed);
+ } catch (AtlasAuthorizationException e) {
+ if (LOG.isErrorEnabled()) {
+ LOG.error("AtlasAuthorizationException in Unit Test", e);
+ }
+ }
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/common/pom.xml
----------------------------------------------------------------------
diff --git a/common/pom.xml b/common/pom.xml
index 614b3f6..ba1210a 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -56,5 +56,11 @@
<artifactId>mockito-all</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-beans</artifactId>
+ <version>${spring.version}</version>
+ </dependency>
+
</dependencies>
</project>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java b/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java
new file mode 100644
index 0000000..43569c4
--- /dev/null
+++ b/common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java
@@ -0,0 +1,137 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.utils;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
+import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
+
+/**
+ * Util class for Properties.
+ */
+public final class PropertiesUtil extends PropertyPlaceholderConfigurer {
+ private static Map<String, String> propertiesMap = new HashMap<String, String>();
+ private static Logger logger = Logger.getLogger(PropertiesUtil.class);
+ protected List<String> xmlPropertyConfigurer = new ArrayList<String>();
+
+ private PropertiesUtil() {
+
+ }
+
+ @Override
+ protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props) {
+
+ Properties sysProps = System.getProperties();
+ if (sysProps != null) {
+ for (String key : sysProps.stringPropertyNames()) {
+ String value = sysProps.getProperty(key);
+ if (value != null) {
+ value = value.trim();
+ }
+ propertiesMap.put(key, value);
+ }
+ }
+
+ if (props != null) {
+ for (String key : props.stringPropertyNames()) {
+ String value = props.getProperty(key);
+ if (value != null) {
+ value = value.trim();
+ }
+ propertiesMap.put(key, value);
+ }
+ }
+
+ super.processProperties(beanFactory, props);
+ }
+
+ public static String getProperty(String key, String defaultValue) {
+ if (key == null) {
+ return null;
+ }
+ String rtrnVal = propertiesMap.get(key);
+ if (rtrnVal == null) {
+ rtrnVal = defaultValue;
+ }
+ return rtrnVal;
+ }
+
+ public static String getProperty(String key) {
+ if (key == null) {
+ return null;
+ }
+ return propertiesMap.get(key);
+ }
+
+ public static String[] getPropertyStringList(String key) {
+ if (key == null) {
+ return null;
+ }
+ String value = propertiesMap.get(key);
+ if (value != null) {
+ String[] splitValues = value.split(",");
+ String[] returnValues = new String[splitValues.length];
+ for (int i = 0; i < splitValues.length; i++) {
+ returnValues[i] = splitValues[i].trim();
+ }
+ return returnValues;
+ } else {
+ return new String[0];
+ }
+ }
+
+ public static Integer getIntProperty(String key, int defaultValue) {
+ if (key == null) {
+ return null;
+ }
+ String rtrnVal = propertiesMap.get(key);
+ if (rtrnVal == null) {
+ return defaultValue;
+ }
+ return Integer.valueOf(rtrnVal);
+ }
+
+ public static Integer getIntProperty(String key) {
+ if (key == null) {
+ return null;
+ }
+ String rtrnVal = propertiesMap.get(key);
+ if (rtrnVal == null) {
+ return null;
+ }
+ return Integer.valueOf(rtrnVal);
+ }
+
+ public static boolean getBooleanProperty(String key, boolean defaultValue) {
+ if (key == null) {
+ return defaultValue;
+ }
+ String value = getProperty(key);
+ if (value == null) {
+ return defaultValue;
+ }
+ return Boolean.parseBoolean(value);
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java b/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java
new file mode 100644
index 0000000..fee5371
--- /dev/null
+++ b/common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java
@@ -0,0 +1,85 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.utils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.log4j.Logger;
+import org.springframework.util.DefaultPropertiesPersister;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+/**
+ * Util class for XMLProperties.
+ */
+public class XMLPropertiesUtil extends DefaultPropertiesPersister {
+ private static Logger logger = Logger.getLogger(XMLPropertiesUtil.class);
+
+ public XMLPropertiesUtil() {
+ }
+
+ @Override
+ public void loadFromXml(Properties properties, InputStream inputStream) throws IOException {
+ try {
+ DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
+ .newInstance();
+ xmlDocumentBuilderFactory.setIgnoringComments(true);
+ xmlDocumentBuilderFactory.setNamespaceAware(true);
+ DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
+ .newDocumentBuilder();
+ Document xmlDocument = xmlDocumentBuilder.parse(inputStream);
+ xmlDocument.getDocumentElement().normalize();
+
+ NodeList nList = xmlDocument.getElementsByTagName("property");
+
+ for (int temp = 0; temp < nList.getLength(); temp++) {
+
+ Node nNode = nList.item(temp);
+
+ if (nNode.getNodeType() == Node.ELEMENT_NODE) {
+
+ Element eElement = (Element) nNode;
+
+ String propertyName = "";
+ String propertyValue = "";
+ if (eElement.getElementsByTagName("name").item(0) != null) {
+ propertyName = eElement.getElementsByTagName("name")
+ .item(0).getTextContent().trim();
+ }
+ if (eElement.getElementsByTagName("value").item(0) != null) {
+ propertyValue = eElement.getElementsByTagName("value")
+ .item(0).getTextContent().trim();
+ }
+
+ properties.put(propertyName, propertyValue);
+
+ }
+ }
+ } catch (Exception e) {
+ logger.error("Error loading : ", e);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/distro/src/conf/atlas-application.properties
----------------------------------------------------------------------
diff --git a/distro/src/conf/atlas-application.properties b/distro/src/conf/atlas-application.properties
index e2082ef..d1deae4 100755
--- a/distro/src/conf/atlas-application.properties
+++ b/distro/src/conf/atlas-application.properties
@@ -127,3 +127,6 @@ atlas.auth.policy.file=${sys:atlas.home}/conf/policy-store.txt
# org.apache.atlas.typesystem.types.cache.ITypeCacheProvider.
# The default is DefaultTypeCacheProvider which is a local in-memory type cache.
#atlas.typesystem.cache.provider=
+
+#########authorizer impl class #########
+atlas.authorizer.impl=SIMPLE
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/distro/src/conf/policy-store.txt
----------------------------------------------------------------------
diff --git a/distro/src/conf/policy-store.txt b/distro/src/conf/policy-store.txt
index 5bcc1cf..339f014 100644
--- a/distro/src/conf/policy-store.txt
+++ b/distro/src/conf/policy-store.txt
@@ -3,7 +3,5 @@
##Policy_Name;;User_Name1:Operations_Allowed,User_Name2:Operations_Allowed;;Group_Name1:Operations_Allowed,Group_Name2:Operations_Allowed;;Resource_Type1:Resource_Name,Resource_Type2:Resource_Name
##
adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
-typeReadPolicy;;nixon:rw;;;;type:*,entity:*,taxonomy:*,term:*
-classReadPolicy;;saqeeb:r;;;;type:*,entity:*,taxonomy:*,term:*
dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*,taxonomy:*,term:*
dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*,taxonomy:*,term:*
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/distro/src/conf/users-credentials.properties
----------------------------------------------------------------------
diff --git a/distro/src/conf/users-credentials.properties b/distro/src/conf/users-credentials.properties
index 212d018..1758be2 100644
--- a/distro/src/conf/users-credentials.properties
+++ b/distro/src/conf/users-credentials.properties
@@ -1,4 +1,2 @@
#username=group::sha256-password
admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
-michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb
-paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 685eb7d..98184ae 100755
--- a/pom.xml
+++ b/pom.xml
@@ -463,16 +463,19 @@
<module>graphdb</module>
<module>titan</module>
<module>repository</module>
+ <module>authorization</module>
<module>catalog</module>
<!-- <module>dashboard</module> -->
<module>dashboardv2</module>
<module>webapp</module>
+
<module>docs</module>
<module>addons/hdfs-model</module>
<module>addons/hive-bridge</module>
<module>addons/falcon-bridge</module>
<module>addons/sqoop-bridge</module>
<module>addons/storm-bridge</module>
+
<module>distro</module>
</modules>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/release-log.txt
----------------------------------------------------------------------
diff --git a/release-log.txt b/release-log.txt
index b28a8fa..554b4ef 100644
--- a/release-log.txt
+++ b/release-log.txt
@@ -21,6 +21,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset
ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags)
ALL CHANGES:
+ATLAS-495 Atlas Ranger Authorization Plugin (nixonrodrigues via shwethags)
ATLAS-805 Quickstart is failing if run after queries to the business taxonomy API (jspeidel via shwethags)
ATLAS-774 Better error handling from login.jsp (nixonrodrigues via shwethags)
ATLAS-683 Refactor local type-system cache with cache provider interface (vmadugun via shwethags)
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/pom.xml
----------------------------------------------------------------------
diff --git a/webapp/pom.xml b/webapp/pom.xml
index 4b67ffa..5b023eb 100755
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -89,6 +89,12 @@
<artifactId>atlas-client</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.atlas</groupId>
+ <artifactId>atlas-authorization</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+
<dependency>
<groupId>org.apache.atlas</groupId>
<artifactId>atlas-notification</artifactId>
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
deleted file mode 100644
index 5db9646..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import java.util.Date;
-import java.util.List;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class AtlasAccessRequest {
-
- private static Logger LOG = LoggerFactory.getLogger(AtlasAccessRequest.class);
- private static boolean isDebugEnabled = LOG.isDebugEnabled();
- private List<AtlasResourceTypes> resourceType = null;
- private String resource = null;
- private AtlasActionTypes action = null;
- private String user = null;
- private List<String> userGroups = null;
- private Date accessTime = null;
- private String clientIPAddress = null;
-
- public AtlasAccessRequest(List<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,
- String user, List<String> userGroups) {
- if (isDebugEnabled) {
- LOG.debug("<== AtlasAccessRequestImpl-- Initializing AtlasAccessRequest");
- }
- setResource(resource);
- setAction(action);
- setUser(user);
- setUserGroups(userGroups);
- setResourceType(resourceType);
-
- // set remaining fields to default value
- setAccessTime(null);
- setClientIPAddress(null);
- }
-
- public List<AtlasResourceTypes> getResourceTypes() {
- return resourceType;
- }
-
- public void setResourceType(List<AtlasResourceTypes> resourceType) {
- this.resourceType = resourceType;
- }
-
- public String getResource() {
- return resource;
- }
-
- public void setResource(String resource) {
- this.resource = resource;
- }
-
- public AtlasActionTypes getAction() {
- return action;
- }
-
- public void setAction(AtlasActionTypes action) {
- this.action = action;
- }
-
- public String getUser() {
- return user;
- }
-
- public void setUser(String user) {
- this.user = user;
- }
-
- public void setUserGroups(List<String> userGroups) {
- this.userGroups = userGroups;
- }
-
- public List<String> getUserGroups() {
- return userGroups;
- }
-
- public Date getAccessTime() {
- return accessTime;
- }
-
- public void setAccessTime(Date accessTime) {
- this.accessTime = accessTime;
- }
-
- public String getClientIPAddress() {
- return clientIPAddress;
- }
-
- public void setClientIPAddress(String clientIPAddress) {
- this.clientIPAddress = clientIPAddress;
- }
-
- @Override
- public String toString() {
- return "AtlasAccessRequest [resourceType=" + resourceType + ", resource=" + resource + ", action=" + action
- + ", user=" + user + ", userGroups=" + userGroups + ", accessTime=" + accessTime + ", clientIPAddress="
- + clientIPAddress + "]";
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java
deleted file mode 100644
index 5f3827a..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-public enum AtlasAccessorTypes {
- USER, GROUP;
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java
deleted file mode 100644
index 13c8b53..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-public enum AtlasActionTypes {
- READ, WRITE, UPDATE, DELETE;
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java
deleted file mode 100644
index 676c9f9..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.authorize;
-
-public class AtlasAuthorizationException extends Exception {
- private static final long serialVersionUID = 1L;
-
- public AtlasAuthorizationException() {
-
- }
-
- public AtlasAuthorizationException(String message) {
- super(message);
- }
-
- public AtlasAuthorizationException(String message, Throwable exception) {
- super(message, exception);
- }
-
- public AtlasAuthorizationException(String message, Throwable exception, boolean enableSuppression,
- boolean writableStackTrace) {
- super(message, exception, enableSuppression, writableStackTrace);
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java
deleted file mode 100644
index 14a2aac..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.authorize;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-
-import org.apache.atlas.AtlasClient;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.base.Strings;
-
-public class AtlasAuthorizationUtils {
- private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class);
- private static boolean isDebugEnabled = LOG.isDebugEnabled();
- private static final String BASE_URL = "/" + AtlasClient.BASE_URI;
-
- public static String parse(String fullPath, String subPath) {
- String api = null;
- if (!Strings.isNullOrEmpty(fullPath)) {
- api = fullPath.substring(subPath.length(), fullPath.length());
-
- }
- if (isDebugEnabled) {
- LOG.debug("Extracted " + api + " from path : " + fullPath);
- }
- return api;
- }
-
- public static String getApi(String u) {
- if (isDebugEnabled) {
- LOG.debug("getApi <=== from " + u);
- }
- if (u.startsWith(BASE_URL)) {
- u = parse(u, BASE_URL);
- } else {
- // strip of leading '/'
- u = u.substring(1);
- }
- String[] split = u.split("/");
- String api = split[0];
- return (! api.equals("v1")) ? api : String.format("v1/%s", split[1]);
- }
-
- public static AtlasActionTypes getAtlasAction(String method) {
- AtlasActionTypes action = null;
-
- switch (method.toUpperCase()) {
- case "POST":
- action = AtlasActionTypes.WRITE;
- break;
- case "GET":
- action = AtlasActionTypes.READ;
- break;
- case "PUT":
- action = AtlasActionTypes.UPDATE;
- break;
- case "DELETE":
- action = AtlasActionTypes.DELETE;
- break;
- default:
- if (isDebugEnabled) {
- LOG.debug("Invalid HTTP method in request : " + method + " this is serious!!!");
- }
- break;
- }
-
- if (isDebugEnabled) {
- LOG.debug("==> AtlasAuthorizationFilter getAtlasAction HTTP Method " + method + " mapped to AtlasAction : "
- + action);
- }
- return action;
- }
-
- public static List<AtlasResourceTypes> getAtlasResourceType(String contextPath) throws ServletException {
- List<AtlasResourceTypes> resourceTypes = new ArrayList<AtlasResourceTypes>();
- if (isDebugEnabled) {
- LOG.debug("getAtlasResourceType <=== for " + contextPath);
- }
- String api = getApi(contextPath);
-
- if (api.startsWith("types")) {
- resourceTypes.add(AtlasResourceTypes.TYPE);
- } else if ((api.startsWith("discovery") && contextPath.contains("gremlin")) || api.startsWith("admin")
- || api.startsWith("graph")) {
- resourceTypes.add(AtlasResourceTypes.OPERATION);
- } else if ((api.startsWith("entities") && contextPath.contains("traits")) || api.startsWith("discovery")) {
- resourceTypes.add(AtlasResourceTypes.ENTITY);
- resourceTypes.add(AtlasResourceTypes.TYPE);
- } else if (api.startsWith("entities") || api.startsWith("lineage")) {
- resourceTypes.add(AtlasResourceTypes.ENTITY);
- } else if (api.startsWith("v1/taxonomies")) {
- resourceTypes.add(AtlasResourceTypes.TAXONOMY);
- // taxonomies are modeled as entities
- resourceTypes.add(AtlasResourceTypes.ENTITY);
- if (contextPath.contains("terms")) {
- resourceTypes.add(AtlasResourceTypes.TERM);
- // terms are modeled as traits
- resourceTypes.add(AtlasResourceTypes.TYPE);
- }
- } else if (api.startsWith("v1/entities")) {
- resourceTypes.add(AtlasResourceTypes.ENTITY);
- if (contextPath.contains("tags")) {
- // tags are modeled as traits
- resourceTypes.add(AtlasResourceTypes.TYPE);
- }
- } else {
- LOG.error("Unable to find Atlas Resource corresponding to : " + api);
- throw new ServletException("Unable to find Atlas Resource corresponding to : " + api);
- }
-
- if (isDebugEnabled) {
- LOG.debug("Returning AtlasResources " + resourceTypes + " for api " + api);
- }
- return resourceTypes;
- }
-
- /*
- * This implementation will be changed for Resource level Authorization.
- */
- public static String getAtlasResource(HttpServletRequest requeset, AtlasActionTypes action) {
- if (isDebugEnabled) {
- LOG.debug("getAtlasResource <=== "
- + "This implementation will be changed for Resource level Authorization.");
- }
- return "*";
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java
deleted file mode 100644
index 7c93c7a..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.authorize;
-
-
-public interface AtlasAuthorizer {
- /**
- * This method will load the policy file and would initialize the required data-structures.
- */
- public void init();
-
- /**
- * This method is responsible to perform the actual authorization for every REST API call. It will check the if the
- * user:u can perform action:a on resource:r.
- *
- * @param request
- * @return
- */
- public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException;
-
- /**
- * This method is responsible to perform the cleanup and release activities. It must be called when you are done
- * with the Authorization activity and once it's called a restart would be required. Try to invoke this while
- * destroying the context.
- */
- public void cleanUp();
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java b/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java
deleted file mode 100644
index 14a72f1..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.authorize;
-
-public enum AtlasResourceTypes {
- ENTITY, TYPE, OPERATION, TAXONOMY, TERM;
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java b/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java
deleted file mode 100644
index 0ee39df..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/** Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import java.util.List;
-import java.util.Map;
-
-public class PolicyDef {
-
- private String policyName;
- private Map<String, List<AtlasActionTypes>> users;
- private Map<String, List<AtlasActionTypes>> groups;
- private Map<AtlasResourceTypes, List<String>> resources;
-
- public String getPolicyName() {
- return policyName;
- }
-
- public void setPolicyName(String policyName) {
- this.policyName = policyName;
- }
-
- public Map<String, List<AtlasActionTypes>> getUsers() {
- return users;
- }
-
- public void setUsers(Map<String, List<AtlasActionTypes>> users) {
- this.users = users;
- }
-
- public Map<String, List<AtlasActionTypes>> getGroups() {
- return groups;
- }
-
- public void setGroups(Map<String, List<AtlasActionTypes>> groups) {
- this.groups = groups;
- }
-
- public Map<AtlasResourceTypes, List<String>> getResources() {
- return resources;
- }
-
- public void setResources(Map<AtlasResourceTypes, List<String>> resources) {
- this.resources = resources;
- }
-
- @Override
- public String toString() {
- return "PolicyDef [policyName=" + policyName + ", users=" + users + ", groups=" + groups + ", resources="
- + resources + "]";
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java b/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java
deleted file mode 100644
index 51a6dc2..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java
+++ /dev/null
@@ -1,238 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class PolicyParser {
-
- private static Logger LOG = LoggerFactory.getLogger(PolicyParser.class);
- private static boolean isDebugEnabled = LOG.isDebugEnabled();
- public static final int POLICYNAME = 0;
-
- public static final int USER_INDEX = 1;
- public static final int USERNAME = 0;
- public static final int USER_AUTHORITIES = 1;
-
- public static final int GROUP_INDEX = 2;
- public static final int GROUPNAME = 0;
- public static final int GROUP_AUTHORITIES = 1;
-
- public static final int RESOURCE_INDEX = 3;
- public static final int RESOURCE_TYPE = 0;
- public static final int RESOURCE_NAME = 1;
-
- private List<AtlasActionTypes> getListOfAutorities(String auth) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser getListOfAutorities");
- }
- List<AtlasActionTypes> authorities = new ArrayList<AtlasActionTypes>();
-
- for (int i = 0; i < auth.length(); i++) {
- char access = auth.toLowerCase().charAt(i);
- switch (access) {
- case 'r':
- authorities.add(AtlasActionTypes.READ);
- break;
- case 'w':
- authorities.add(AtlasActionTypes.WRITE);
- break;
- case 'u':
- authorities.add(AtlasActionTypes.UPDATE);
- break;
- case 'd':
- authorities.add(AtlasActionTypes.DELETE);
- break;
-
- default:
- if (LOG.isErrorEnabled()) {
- LOG.error("Invalid Action");
- }
- break;
- }
- }
- if (isDebugEnabled) {
- LOG.debug("==> PolicyParser getListOfAutorities");
- }
- return authorities;
- }
-
- public List<PolicyDef> parsePolicies(List<String> policies) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser parsePolicies");
- }
- List<PolicyDef> policyDefs = new ArrayList<PolicyDef>();
- for (String policy : policies) {
- PolicyDef policyDef = parsePolicy(policy);
- policyDefs.add(policyDef);
- }
- if (isDebugEnabled) {
- LOG.debug("==> PolicyParser parsePolicies");
- LOG.debug(policyDefs.toString());
- }
- return policyDefs;
- }
-
- private PolicyDef parsePolicy(String data) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser parsePolicy");
- }
- PolicyDef def = new PolicyDef();
- String[] props = data.split(";;");
- def.setPolicyName(props[POLICYNAME]);
- parseUsers(props[USER_INDEX], def);
- parseGroups(props[GROUP_INDEX], def);
- parseResources(props[RESOURCE_INDEX], def);
- if (isDebugEnabled) {
- LOG.debug("policy successfully parsed!!!");
- LOG.debug("==> PolicyParser parsePolicy");
- }
- return def;
- }
-
- private boolean validateEntity(String entity) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser validateEntity");
- }
- boolean isValidEntity = Pattern.matches("(.+:.+)+", entity);
- boolean isEmpty = entity.isEmpty();
- if (isValidEntity == false || isEmpty == true) {
- if (isDebugEnabled) {
- LOG.debug("group/user/resource not properly define in Policy");
- LOG.debug("==> PolicyParser validateEntity");
- }
- return false;
- } else {
- if (isDebugEnabled) {
- LOG.debug("==> PolicyParser validateEntity");
- }
- return true;
- }
-
- }
-
- private void parseUsers(String usersDef, PolicyDef def) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser parseUsers");
- }
- String[] users = usersDef.split(",");
- String[] userAndRole = null;
- Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>();
- if (validateEntity(usersDef)) {
- for (String user : users) {
- if (!Pattern.matches("(.+:.+)+", user)) {
- continue;
- }
- userAndRole = user.split(":");
- if (def.getUsers() != null) {
- usersMap = def.getUsers();
- }
- List<AtlasActionTypes> userAutorities = usersMap.get(userAndRole[USERNAME]);
- if (userAutorities == null) {
-
- userAutorities = new ArrayList<AtlasActionTypes>();
- }
- userAutorities = getListOfAutorities(userAndRole[USER_AUTHORITIES]);
- usersMap.put(userAndRole[USERNAME], userAutorities);
- def.setUsers(usersMap);
- }
-
- } else {
- def.setUsers(usersMap);
- }
- if (isDebugEnabled) {
- LOG.debug("==> PolicyParser parseUsers");
- }
- }
-
- private void parseGroups(String groupsDef, PolicyDef def) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser parseGroups");
- }
- String[] groups = groupsDef.split("\\,");
- String[] groupAndRole = null;
- Map<String, List<AtlasActionTypes>> groupsMap = new HashMap<String, List<AtlasActionTypes>>();
- if (validateEntity(groupsDef.trim())) {
- for (String group : groups) {
- if (!Pattern.matches("(.+:.+)+", group)) {
- continue;
- }
- groupAndRole = group.split("[:]");
- if (def.getGroups() != null) {
- groupsMap = def.getGroups();
- }
- List<AtlasActionTypes> groupAutorities = groupsMap.get(groupAndRole[GROUPNAME]);
- if (groupAutorities == null) {
- groupAutorities = new ArrayList<AtlasActionTypes>();
- }
- groupAutorities = getListOfAutorities(groupAndRole[GROUP_AUTHORITIES]);
- groupsMap.put(groupAndRole[GROUPNAME], groupAutorities);
- def.setGroups(groupsMap);
- }
-
- } else {
- def.setGroups(groupsMap);
- }
- if (isDebugEnabled) {
- LOG.debug("==> PolicyParser parseGroups");
- }
-
- }
-
- private void parseResources(String resourceDef, PolicyDef def) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyParser parseResources");
- }
- String[] resources = resourceDef.split(",");
- String[] resourceTypeAndName = null;
- Map<AtlasResourceTypes, List<String>> resourcesMap = new HashMap<AtlasResourceTypes, List<String>>();
- if (validateEntity(resourceDef)) {
- for (String resource : resources) {
- if (!Pattern.matches("(.+:.+)+", resource)) {
- continue;
- }
- resourceTypeAndName = resource.split("[:]");
- if (def.getResources() != null) {
- resourcesMap = def.getResources();
- }
- AtlasResourceTypes resourceType =
- AtlasResourceTypes.valueOf(resourceTypeAndName[RESOURCE_TYPE].toUpperCase());
- List<String> resourceList = resourcesMap.get(resourceType);
- if (resourceList == null) {
- resourceList = new ArrayList<String>();
- }
- resourceList.add(resourceTypeAndName[RESOURCE_NAME]);
- resourcesMap.put(resourceType, resourceList);
- def.setResources(resourcesMap);
- }
- } else {
- def.setResources(resourcesMap);
- }
- if (isDebugEnabled) {
- LOG.debug("==> PolicyParser parseResources");
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java b/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java
deleted file mode 100644
index a565f96..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/** Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Map.Entry;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class PolicyUtil {
-
- private static Logger LOG = LoggerFactory.getLogger(PolicyUtil.class);
- private static boolean isDebugEnabled = LOG.isDebugEnabled();
- private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap;
- private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap;
- private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap;
- private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap;
-
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap;
-
- /**
- * @return the userReadMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getUserReadMap() {
- return userReadMap;
- }
-
- /**
- * @return the userWriteMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getUserWriteMap() {
- return userWriteMap;
- }
-
- /**
- * @return the userUpdateMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getUserUpdateMap() {
- return userUpdateMap;
- }
-
- /**
- * @return the userDeleteMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getUserDeleteMap() {
- return userDeleteMap;
- }
-
- /**
- * @return the groupReadMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupReadMap() {
- return groupReadMap;
- }
-
- /**
- * @return the groupWriteMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupWriteMap() {
- return groupWriteMap;
- }
-
- /**
- * @return the groupUpdateMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupUpdateMap() {
- return groupUpdateMap;
- }
-
- /**
- * @return the groupDeleteMap
- */
- public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupDeleteMap() {
- return groupDeleteMap;
- }
-
- public Map<String, Map<AtlasResourceTypes, List<String>>> createPermissionMap(List<PolicyDef> policyDefList,
- AtlasActionTypes permissionType, AtlasAccessorTypes principalType) {
- if (isDebugEnabled) {
- LOG.debug("<== PolicyUtil createPermissionMap");
- LOG.debug("Creating Permission Map for :: " + permissionType + " & " + principalType);
- }
- Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap =
- new HashMap<String, Map<AtlasResourceTypes, List<String>>>();
-
- // Iterate over the list of policies to create map
- for (PolicyDef policyDef : policyDefList) {
- LOG.info("Processing policy def : " + policyDef);
- Map<String, List<AtlasActionTypes>> principalMap =
- principalType.equals(AtlasAccessorTypes.USER) ? policyDef.getUsers() : policyDef.getGroups();
- // For every policy extract the resource list and populate the user map
- for (Entry<String, List<AtlasActionTypes>> e : principalMap.entrySet()) {
- // Check if the user has passed permission type like READ
- if (!e.getValue().contains(permissionType)) {
- continue;
- }
- // See if the current user is already added to map
- String username = e.getKey();
- Map<AtlasResourceTypes, List<String>> userResourceList = userReadMap.get(username);
-
- // If its not added then create a new resource list
- if (userResourceList == null) {
- if (isDebugEnabled) {
- LOG.debug("Resource list not found for " + username + ", creating it");
- }
- userResourceList = new HashMap<AtlasResourceTypes, List<String>>();
- }
- /*
- * Iterate over resources from the current policy def and update the resource list for the current user
- */
- for (Entry<AtlasResourceTypes, List<String>> resourceTypeMap : policyDef.getResources().entrySet()) {
- // For the current resourceType in the policyDef, get the
- // current list of resources already added
- AtlasResourceTypes type = resourceTypeMap.getKey();
- List<String> resourceList = userResourceList.get(type);
-
- if (resourceList == null) {
- // if the resource list was not added for this type then
- // create and add all the resources in this policy
- resourceList = new ArrayList<String>();
- resourceList.addAll(resourceTypeMap.getValue());
- } else {
- // if the resource list is present then merge both the
- // list
- resourceList.removeAll(resourceTypeMap.getValue());
- resourceList.addAll(resourceTypeMap.getValue());
- }
-
- userResourceList.put(type, resourceList);
- }
- userReadMap.put(username, userResourceList);
- LOG.info("userReadMap=====>>>>>> " + userReadMap);
- }
- }
- if (isDebugEnabled) {
- LOG.debug("Returning Map for " + principalType + " :: " + userReadMap);
- LOG.debug("==> PolicyUtil createPermissionMap");
- }
- return userReadMap;
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java b/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java
deleted file mode 100644
index 2a32e4e..0000000
--- a/webapp/src/main/java/org/apache/atlas/authorize/SimpleAtlasAuthorizer.java
+++ /dev/null
@@ -1,380 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.authorize;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.atlas.ApplicationProperties;
-import org.apache.atlas.AtlasException;
-import org.apache.atlas.util.FileReaderUtil;
-import org.apache.atlas.util.PropertiesUtil;
-import org.apache.commons.configuration.Configuration;
-import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.io.IOCase;
-import org.apache.commons.lang.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.google.common.annotations.VisibleForTesting;
-
-public final class SimpleAtlasAuthorizer implements AtlasAuthorizer {
- private static final Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizer.class);
- private boolean isDebugEnabled = LOG.isDebugEnabled();
-
- private final static String WILDCARD_ASTERISK = "*";
- private final static String WILDCARDS = "*?";
- private boolean optIgnoreCase = false;
-
- private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap = null;
- private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap = null;
- private static AtlasAuthorizer defaultAuthorizer = new SimpleAtlasAuthorizer();
-
- private SimpleAtlasAuthorizer() {
- }
-
- public static AtlasAuthorizer getInstance() {
- return defaultAuthorizer;
- }
-
- @Override
- public void init() {
- if (isDebugEnabled) {
- LOG.debug("<== SimpleAtlasAuthorizer init");
- }
- try {
-
- PolicyUtil util = new PolicyUtil();
- PolicyParser parser = new PolicyParser();
- optIgnoreCase = Boolean.valueOf(PropertiesUtil.getProperty("optIgnoreCase", "false"));
-
- if (isDebugEnabled) {
- LOG.debug("Read from PropertiesUtil --> optIgnoreCase :: " + optIgnoreCase);
- }
-
- Configuration configuration = ApplicationProperties.get();
- String policyStorePath = configuration.getString("atlas.auth.policy.file");
-
- if (isDebugEnabled) {
- LOG.debug("Loading Apache Atlas policies from : " + policyStorePath);
- }
-
- List<String> policies = FileReaderUtil.readFile(policyStorePath);
- List<PolicyDef> policyDef = parser.parsePolicies(policies);
-
- userReadMap = util.createPermissionMap(policyDef, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
- userWriteMap = util.createPermissionMap(policyDef, AtlasActionTypes.WRITE, AtlasAccessorTypes.USER);
- userUpdateMap = util.createPermissionMap(policyDef, AtlasActionTypes.UPDATE, AtlasAccessorTypes.USER);
- userDeleteMap = util.createPermissionMap(policyDef, AtlasActionTypes.DELETE, AtlasAccessorTypes.USER);
-
- groupReadMap = util.createPermissionMap(policyDef, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
- groupWriteMap = util.createPermissionMap(policyDef, AtlasActionTypes.WRITE, AtlasAccessorTypes.GROUP);
- groupUpdateMap = util.createPermissionMap(policyDef, AtlasActionTypes.UPDATE, AtlasAccessorTypes.GROUP);
- groupDeleteMap = util.createPermissionMap(policyDef, AtlasActionTypes.DELETE, AtlasAccessorTypes.GROUP);
-
- if (isDebugEnabled) {
- LOG.debug("\n\nUserReadMap :: " + userReadMap + "\nGroupReadMap :: " + groupReadMap);
- LOG.debug("\n\nUserWriteMap :: " + userWriteMap + "\nGroupWriteMap :: " + groupWriteMap);
- LOG.debug("\n\nUserUpdateMap :: " + userUpdateMap + "\nGroupUpdateMap :: " + groupUpdateMap);
- LOG.debug("\n\nUserDeleteMap :: " + userDeleteMap + "\nGroupDeleteMap :: " + groupDeleteMap);
- }
-
- } catch (IOException | AtlasException e) {
- if (LOG.isErrorEnabled()) {
- LOG.error("SimpleAtlasAuthorizer could not be initialized properly due to : ", e);
- }
- }
- }
-
- @Override
- public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException {
- if (isDebugEnabled) {
- LOG.debug("<== SimpleAtlasAuthorizer isAccessAllowed");
- LOG.debug("isAccessAllowd(" + request + ")");
- }
- String user = request.getUser();
- List<String> groups = request.getUserGroups();
- AtlasActionTypes action = request.getAction();
- String resource = request.getResource();
- List<AtlasResourceTypes> resourceTypes = request.getResourceTypes();
- if (isDebugEnabled)
- LOG.debug("Checking for :: \nUser :: " + user + "\nGroups :: " + groups + "\nAction :: " + action
- + "\nResource :: " + resource);
-
- boolean isAccessAllowed = false;
- boolean isUser = user == null ? false : true;
- boolean isGroup = groups == null ? false : true;
-
- if ((!isUser && !isGroup) || action == null || resource == null) {
- if (isDebugEnabled) {
- LOG.debug("Please check the formation AtlasAccessRequest.");
- }
- return isAccessAllowed;
- } else {
- if (isDebugEnabled) {
- LOG.debug("checkAccess for Operation :: " + action + " on Resource " + resourceTypes + ":" + resource);
- }
- switch (action) {
- case READ:
- isAccessAllowed = checkAccess(user, resourceTypes, resource, userReadMap);
- isAccessAllowed =
- isAccessAllowed == false ? checkAccessForGroups(groups, resourceTypes, resource, groupReadMap)
- : isAccessAllowed;
- break;
- case WRITE:
- isAccessAllowed = checkAccess(user, resourceTypes, resource, userWriteMap);
- isAccessAllowed =
- isAccessAllowed == false ? checkAccessForGroups(groups, resourceTypes, resource, groupWriteMap)
- : isAccessAllowed;
- break;
- case UPDATE:
- isAccessAllowed = checkAccess(user, resourceTypes, resource, userUpdateMap);
- isAccessAllowed =
- isAccessAllowed == false
- ? checkAccessForGroups(groups, resourceTypes, resource, groupUpdateMap) : isAccessAllowed;
- break;
- case DELETE:
- isAccessAllowed = checkAccess(user, resourceTypes, resource, userDeleteMap);
- isAccessAllowed =
- isAccessAllowed == false
- ? checkAccessForGroups(groups, resourceTypes, resource, groupDeleteMap) : isAccessAllowed;
- break;
- default:
- if (isDebugEnabled) {
- LOG.debug("Invalid Action " + action);
- LOG.debug("Raising an exception!!!");
- }
- throw new AtlasAuthorizationException("Invalid Exception :: " + action);
- }
- }
-
- if (isDebugEnabled) {
- LOG.debug("==> +SimpleAtlasAuthorizer isAccessAllowed = " + isAccessAllowed);
- }
-
- return isAccessAllowed;
- }
-
- private boolean checkAccess(String accessor, List<AtlasResourceTypes> resourceTypes, String resource,
- Map<String, Map<AtlasResourceTypes, List<String>>> map) {
- if (isDebugEnabled) {
- LOG.debug("<== SimpleAtlasAuthorizer checkAccess");
- LOG.debug("Now checking access for accessor : " + accessor + "\nResource Types : " + resourceTypes
- + "\nResource : " + resource + "\nMap : " + map);
- }
- boolean result = true;
- Map<AtlasResourceTypes, List<String>> rescMap = map.get(accessor);
- if (rescMap != null) {
- for (AtlasResourceTypes resourceType : resourceTypes) {
- List<String> accessList = rescMap.get(resourceType);
- if (isDebugEnabled) {
- LOG.debug("\nChecking for resource : " + resource + " in list : " + accessList + "\n");
- }
- if (accessList != null) {
- result = result && isMatch(resource, accessList);
- } else {
- result = false;
- }
- }
- } else {
- result = false;
- if (isDebugEnabled)
- LOG.debug("Key " + accessor + " missing. Returning with result : " + result);
- }
-
- if (isDebugEnabled) {
- LOG.debug("Check for " + accessor + " :: " + result);
- LOG.debug("==> SimpleAtlasAuthorizer checkAccess");
- }
- return result;
- }
-
- private boolean checkAccessForGroups(List<String> groups, List<AtlasResourceTypes> resourceType, String resource,
- Map<String, Map<AtlasResourceTypes, List<String>>> map) {
- boolean isAccessAllowed = false;
- if (isDebugEnabled) {
- LOG.debug("<== SimpleAtlasAuthorizer checkAccessForGroups");
- }
-
- for (String group : groups) {
- isAccessAllowed = checkAccess(group, resourceType, resource, map);
- if (isAccessAllowed) {
- break;
- }
- }
-
- if (isDebugEnabled) {
- LOG.debug("==> SimpleAtlasAuthorizer checkAccessForGroups");
- }
- return isAccessAllowed;
- }
-
- private boolean resourceMatchHelper(List<String> policyResource) {
- boolean isMatchAny = false;
- if (isDebugEnabled) {
- LOG.debug("<== SimpleAtlasAuthorizer resourceMatchHelper");
- }
-
- boolean optWildCard = true;
-
- List<String> policyValues = new ArrayList<String>();
-
- if (policyResource != null) {
- boolean isWildCardPresent = !optWildCard;
- for (String policyValue : policyResource) {
- if (StringUtils.isEmpty(policyValue)) {
- continue;
- }
- if (StringUtils.containsOnly(policyValue, WILDCARD_ASTERISK)) {
- isMatchAny = true;
- } else if (!isWildCardPresent && StringUtils.containsAny(policyValue, WILDCARDS)) {
- isWildCardPresent = true;
- }
- policyValues.add(policyValue);
- }
- optWildCard = optWildCard && isWildCardPresent;
- } else {
- isMatchAny = false;
- }
-
- if (isDebugEnabled) {
- LOG.debug("==> SimpleAtlasAuthorizer resourceMatchHelper");
- }
- return isMatchAny;
- }
-
- private boolean isMatch(String resource, List<String> policyValues) {
- if (isDebugEnabled) {
- LOG.debug("<== SimpleAtlasAuthorizer isMatch");
- }
- boolean isMatchAny = resourceMatchHelper(policyValues);
- boolean isMatch = false;
- boolean allValuesRequested = isAllValuesRequested(resource);
-
- if (allValuesRequested || isMatchAny) {
- isMatch = isMatchAny;
- } else {
- for (String policyValue : policyValues) {
- if (policyValue.contains("*")) {
- isMatch =
- optIgnoreCase ? FilenameUtils.wildcardMatch(resource, policyValue, IOCase.INSENSITIVE)
- : FilenameUtils.wildcardMatch(resource, policyValue, IOCase.SENSITIVE);
- } else {
- isMatch =
- optIgnoreCase ? StringUtils.equalsIgnoreCase(resource, policyValue) : StringUtils.equals(
- resource, policyValue);
- }
- if (isMatch) {
- break;
- }
- }
- }
-
- if (isMatch == false) {
-
- if (isDebugEnabled) {
- StringBuilder sb = new StringBuilder();
- sb.append("[");
- for (String policyValue : policyValues) {
- sb.append(policyValue);
- sb.append(" ");
- }
- sb.append("]");
-
- LOG.debug("AtlasDefaultResourceMatcher.isMatch returns FALSE, (resource=" + resource
- + ", policyValues=" + sb.toString() + ")");
- }
-
- }
-
- if (isDebugEnabled) {
- LOG.debug("==> SimpleAtlasAuthorizer isMatch(" + resource + "): " + isMatch);
- }
-
- return isMatch;
- }
-
- private boolean isAllValuesRequested(String resource) {
- boolean result = StringUtils.isEmpty(resource) || WILDCARD_ASTERISK.equals(resource);
- return result;
- }
-
- @Override
- public void cleanUp() {
- if (isDebugEnabled) {
- LOG.debug("<== +SimpleAtlasAuthorizer cleanUp");
- }
- userReadMap = null;
- userWriteMap = null;
- userUpdateMap = null;
- userDeleteMap = null;
- groupReadMap = null;
- groupWriteMap = null;
- groupUpdateMap = null;
- groupDeleteMap = null;
- if (isDebugEnabled) {
- LOG.debug("==> +SimpleAtlasAuthorizer cleanUp");
- }
- }
-
- /*
- * NOTE :: This method is added for setting the maps for testing purpose.
- */
- @VisibleForTesting
- public void setResourcesForTesting(Map<String, Map<AtlasResourceTypes, List<String>>> userMap,
- Map<String, Map<AtlasResourceTypes, List<String>>> groupMap, AtlasActionTypes actionTypes) {
-
- switch (actionTypes) {
- case READ:
- this.userReadMap = userMap;
- this.groupReadMap = groupMap;
- break;
-
- case WRITE:
-
- this.userWriteMap = userMap;
- this.groupWriteMap = groupMap;
- break;
- case UPDATE:
-
- this.userUpdateMap = userMap;
- this.groupUpdateMap = groupMap;
- break;
- case DELETE:
-
- this.userDeleteMap = userMap;
- this.groupDeleteMap = groupMap;
- break;
-
- default:
- if (isDebugEnabled) {
- LOG.debug("No such action available");
- }
- break;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java b/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java
deleted file mode 100644
index 22eaff9..0000000
--- a/webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.util;
-
-import java.io.BufferedReader;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.regex.Pattern;
-
-import org.apache.log4j.Logger;
-
-public class FileReaderUtil {
- private static Logger LOG = Logger.getLogger(FileReaderUtil.class);
- private static boolean isDebugEnabled = LOG.isDebugEnabled();
-
- public static List<String> readFile(String path) throws IOException {
- if (isDebugEnabled) {
- LOG.debug("<== FileReaderUtil readFile");
- }
- LOG.info("reading the file" + path);
- BufferedReader br = new BufferedReader(new FileReader(path));
- List<String> list = new ArrayList<String>();
- String line = null;
- while ((line = br.readLine()) != null) {
- if ((!line.startsWith("##")) && Pattern.matches(".+;;.*;;.*;;.+", line))
- list.add(line);
- }
-
- if (isDebugEnabled) {
- LOG.debug("==> FileReaderUtil readFile");
- LOG.debug("Policies read :: " + list);
- }
- if (br != null) {
- br.close();
- }
- return list;
- }
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java b/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java
deleted file mode 100644
index fef8efb..0000000
--- a/webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-
-package org.apache.atlas.util;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
-import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
-
-public class PropertiesUtil extends PropertyPlaceholderConfigurer {
- private static Map<String, String> propertiesMap = new HashMap<String, String>();
- private static Logger logger = Logger.getLogger(PropertiesUtil.class);
- protected List<String> xmlPropertyConfigurer = new ArrayList<String>();
-
- private PropertiesUtil() {
-
- }
-
- @Override
- protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
- throws BeansException {
-
- Properties sysProps = System.getProperties();
- if (sysProps != null) {
- for (String key : sysProps.stringPropertyNames()) {
- String value = sysProps.getProperty(key);
- if (value != null) {
- value = value.trim();
- }
- propertiesMap.put(key, value);
- }
- }
-
- Set<Object> keySet = props.keySet();
- for (Object key : keySet) {
- String keyStr = key.toString();
- propertiesMap.put(keyStr, props.getProperty(keyStr).trim());
- }
-
- super.processProperties(beanFactory, props);
- }
-
- public static String getProperty(String key, String defaultValue) {
- if (key == null) {
- return null;
- }
- String rtrnVal = propertiesMap.get(key);
- if (rtrnVal == null) {
- rtrnVal = defaultValue;
- }
- return rtrnVal;
- }
-
- public static String getProperty(String key) {
- if (key == null) {
- return null;
- }
- return propertiesMap.get(key);
- }
-
- public static String[] getPropertyStringList(String key) {
- if (key == null) {
- return null;
- }
- String value = propertiesMap.get(key);
- if (value != null) {
- String[] splitValues = value.split(",");
- String[] returnValues = new String[splitValues.length];
- for (int i = 0; i < splitValues.length; i++) {
- returnValues[i] = splitValues[i].trim();
- }
- return returnValues;
- } else {
- return new String[0];
- }
- }
-
- public static Integer getIntProperty(String key, int defaultValue) {
- if (key == null) {
- return null;
- }
- String rtrnVal = propertiesMap.get(key);
- if (rtrnVal == null) {
- return defaultValue;
- }
- return Integer.valueOf(rtrnVal);
- }
-
- public static Integer getIntProperty(String key) {
- if (key == null) {
- return null;
- }
- String rtrnVal = propertiesMap.get(key);
- if (rtrnVal == null) {
- return null;
- }
- return Integer.valueOf(rtrnVal);
- }
-
- public static boolean getBooleanProperty(String key, boolean defaultValue) {
- if (key == null) {
- return defaultValue;
- }
- String value = getProperty(key);
- if (value == null) {
- return defaultValue;
- }
- return Boolean.parseBoolean(value);
- }
-}
\ No newline at end of file