You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2014/09/12 04:13:42 UTC
[1/3] git commit: ARGUS-40: User denied table access after access is
granted via GRANT
Repository: incubator-argus
Updated Branches:
refs/heads/master 043d3da12 -> 02a35cc61
ARGUS-40: User denied table access after access is granted via GRANT
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/b7c6e9ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/b7c6e9ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/b7c6e9ef
Branch: refs/heads/master
Commit: b7c6e9efebc47242df84fda8dd98b2df3226e95f
Parents: 1490df2
Author: mneethiraj <mn...@hortonworks.com>
Authored: Thu Sep 11 14:36:31 2014 -0700
Committer: mneethiraj <mn...@hortonworks.com>
Committed: Thu Sep 11 14:36:31 2014 -0700
----------------------------------------------------------------------
.../admin/client/datatype/GrantRevokeData.java | 14 +-
.../main/java/com/xasecure/biz/XABizUtil.java | 533 ++++---------------
.../java/com/xasecure/common/StringUtil.java | 5 +
.../com/xasecure/service/XPolicyService.java | 10 +-
4 files changed, 120 insertions(+), 442 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
index 0431f97..451e785 100644
--- a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
+++ b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
@@ -33,6 +33,8 @@ public class GrantRevokeData implements java.io.Serializable {
private boolean isAuditEnabled;
private boolean replacePerm;
private List<PermMap> permMapList = new ArrayList<PermMap>();
+
+ private static String WILDCARD_ASTERISK = "*";
public GrantRevokeData() {
@@ -112,9 +114,9 @@ public class GrantRevokeData implements java.io.Serializable {
this.grantor = grantor;
this.repositoryName = repositoryName;
this.repositoryType = "hive";
- this.databases = databases;
- this.tables = tables;
- this.columns = columns;
+ this.databases = StringUtil.isEmpty(databases) ? WILDCARD_ASTERISK : databases;
+ this.tables = StringUtil.isEmpty(tables) ? WILDCARD_ASTERISK : tables;
+ this.columns = StringUtil.isEmpty(columns) ? WILDCARD_ASTERISK : columns;
this.isAuditEnabled = true;
this.isEnabled = true;
this.replacePerm = false;
@@ -130,9 +132,9 @@ public class GrantRevokeData implements java.io.Serializable {
this.grantor = grantor;
this.repositoryName = repositoryName;
this.repositoryType = "hbase";
- this.tables = tables;
- this.columns = columns;
- this.columnFamilies = columnFamilies;
+ this.tables = StringUtil.isEmpty(tables) ? WILDCARD_ASTERISK : tables;
+ this.columns = StringUtil.isEmpty(columns) ? WILDCARD_ASTERISK : columns;
+ this.columnFamilies = StringUtil.isEmpty(columnFamilies) ? WILDCARD_ASTERISK : columnFamilies;
this.isAuditEnabled = true;
this.isEnabled = true;
this.replacePerm = true;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index 3c6ef1f..91e1301 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -603,23 +603,20 @@ public class XABizUtil {
public boolean matchHbasePolicy(String resourceName,
List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
int permission) {
- if(stringUtil.isEmpty(resourceName)){
+ if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){
return false;
}
- if(xResourceList==null){
- return false;
- }
- if(xUserId==null){
- return false;
- }
- String[] splittedResources = stringUtil.split(resourceName,
- File.separator);
- int numberOfResources = splittedResources.length;
- if (numberOfResources < 1 || numberOfResources > 3) {
- logger.debug("Invalid policy name : " + resourceName);
+
+ String[] splittedResources = stringUtil.split(resourceName, File.separator);
+ if (splittedResources.length < 1 || splittedResources.length > 3) {
+ logger.debug("Invalid resourceName name : " + resourceName);
return false;
}
+ String tblName = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
+ String colFamName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
+ String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
+
boolean policyMatched = false;
// check all resources whether Hbase policy is enabled in any resource
// of provided resource list
@@ -628,75 +625,36 @@ public class XABizUtil {
continue;
}
Long resourceId = xResource.getId();
- boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
- resourceId);
+ boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
// if permission is enabled then load Tables,column family and
// columns list from resource
- if (hasPermission) {
- String[] xTables = (xResource.getTables() == null || xResource
- .getTables().equalsIgnoreCase("")) ? null : stringUtil
- .split(xResource.getTables(), ",");
- String[] xColumnFamilies = (xResource.getColumnFamilies() == null || xResource
- .getColumnFamilies().equalsIgnoreCase("")) ? null
- : stringUtil.split(xResource.getColumnFamilies(), ",");
- String[] xColumns = (xResource.getColumns() == null || xResource
- .getColumns().equalsIgnoreCase("")) ? null : stringUtil
- .split(xResource.getColumns(), ",");
+ if (! hasPermission) {
+ continue;
+ }
- boolean matchFound = false;
+ // 1. does the policy match the table?
+ String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ",");
- for (int index = 0; index < numberOfResources; index++) {
- matchFound = false;
- // check whether given table resource matches with any
- // existing table resource
- if (index == 0) {
- if(xTables!=null){
- for (String xTable : xTables) {
- if (matchPath(splittedResources[index], xTable)) {
- matchFound = true;
- continue;
- }
- }
- }
- if(!matchFound) {
- break;
- }
- } // check whether given column family resource matches with
- // any existing column family resource
- else if (index == 1) {
- if(xColumnFamilies!=null){
- for (String xColumnFamily : xColumnFamilies) {
- if (matchPath(splittedResources[index],
- xColumnFamily)) {
- matchFound = true;
- continue;
- }
- }
- }
- if(!matchFound) {
- break;
- }
- }// check whether given column resource matches with any
- // existing column resource
- else if (index == 2) {
- if(xColumns!=null){
- for (String xColumn : xColumns) {
- if (matchPath(splittedResources[index], xColumn)) {
- matchFound = true;
- continue;
- }
- }
- }
- if(!matchFound) {
- break;
- }
- }
- }
- if (matchFound) {
- policyMatched = true;
- break;
+ boolean matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables);
+
+ if(matchFound) {
+ // 2. does the policy match the column?
+ String[] xColumnFamilies = stringUtil.isEmpty(xResource.getColumnFamilies()) ? null : stringUtil.split(xResource.getColumnFamilies(), ",");
+
+ matchFound = (xColumnFamilies == null || xColumnFamilies.length == 0) ? true : matchPath(colFamName, xColumnFamilies);
+
+ if(matchFound) {
+ // 3. does the policy match the columnFamily?
+ String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ",");
+
+ matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns);
}
}
+
+ if (matchFound) {
+ policyMatched = true;
+ break;
+ }
}
return policyMatched;
}
@@ -722,387 +680,84 @@ public class XABizUtil {
public boolean matchHivePolicy(String resourceName,
List<XXResource> xResourceList, Long xUserId, int permission,
int reqTableType, int reqColumnType, boolean isUdfPolicy) {
- if(stringUtil.isEmpty(resourceName)){
- return false;
- }
- if(xResourceList==null){
- return false;
- }
- if(xUserId==null){
+
+ if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){
return false;
}
- String[] splittedResources = stringUtil.split(resourceName,
- File.separator);// get list of resources
- int numberOfResources = splittedResources.length;
- if (numberOfResources < 1 || numberOfResources > 3) {
- logger.debug("Invalid policy name : " + resourceName);
+
+ String[] splittedResources = stringUtil.split(resourceName, File.separator);// get list of resources
+ if (splittedResources.length < 1 || splittedResources.length > 3) {
+ logger.debug("Invalid resource name : " + resourceName);
return false;
}
+
+ String dbName = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
+ String tblName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
+ String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
boolean policyMatched = false;
for (XXResource xResource : xResourceList) {
if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
continue;
}
+
Long resourceId = xResource.getId();
- boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
- resourceId);
+ boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
- if (hasPermission) {
- // get database list from resource list
- String[] xDatabases = stringUtil.split(
- xResource.getDatabases(), ",");
- // get table list from resource list
- String[] xTables = (xResource.getTables() == null || xResource
- .getTables().equalsIgnoreCase("")) ? null : stringUtil
- .split(xResource.getTables(), ",");
- // get UDF list from resource list
- String[] xUdfs = (xResource.getUdfs() == null || xResource
- .getUdfs().equalsIgnoreCase("")) ? null : stringUtil
- .split(xResource.getUdfs(), ",");
- // get column list from resource list
- String[] xColumns = (xResource.getColumns() == null || xResource
- .getColumns().equalsIgnoreCase("")) ? null : stringUtil
- .split(xResource.getColumns(), ",");
+ if (! hasPermission) {
+ continue;
+ }
- boolean matchFound = false;
- // check whether given database resource available in database
- // list
- for (String xDatabase : xDatabases) {
- if (matchPath(splittedResources[0], xDatabase)) {
- matchFound = true;
- }
- }
- if (!matchFound) {
+ // 1. does the policy match the database?
+ String[] xDatabases = stringUtil.isEmpty(xResource.getDatabases()) ? null : stringUtil.split(xResource.getDatabases(), ",");
+
+ boolean matchFound = (xDatabases == null || xDatabases.length == 0) ? true : matchPath(dbName, xDatabases);
+
+ if (! matchFound) {
+ continue;
+ }
+
+ if (isUdfPolicy) {
+ // 2. does the policy match the UDF?
+ String[] xUdfs = stringUtil.isEmpty(xResource.getUdfs()) ? null : stringUtil.split(xResource.getUdfs(), ",");
+
+ if(! matchPath(tblName, xUdfs)) {
continue;
+ } else {
+ policyMatched = true;
+ break;
}
- // check whether given UDF resource available in UDF list
- if (isUdfPolicy) {
- if (xUdfs != null) {
- for (String xUdf : xUdfs) {
- if (matchPath(splittedResources[1], xUdf)) {
- policyMatched = true;
- break;
- }
- }
- } else {
- continue;
- }
+ } else {
+ // 2. does the policy match the table?
+ String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ",");
+
+ System.out.println("tblName=" + tblName + "; xTables=" + xTables);
+
+ matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables);
+
+ if(xResource.getTableType() == AppConstants.POLICY_EXCLUSION) {
+ matchFound = !matchFound;
}
- int dbTableType = xResource.getTableType();
- int dbColumnType = xResource.getColumnType();
- // true if database table type and column type is include
- boolean isXResourceInc = XABizUtil.areAllEqual(
- AppConstants.POLICY_INCLUSION, dbTableType,
- dbColumnType);
- // true if requested table type and requested column type is
- // include
- boolean isReqResourceInc = XABizUtil.areAllEqual(
- AppConstants.POLICY_INCLUSION, reqTableType,
- reqColumnType);
-
- if (numberOfResources < 2) {
+ if (!matchFound) {
continue;
}
- if (isReqResourceInc) {
- if (isXResourceInc) { // True and True
- matchFound = false;
- if(xTables!=null){
- for (String xTable : xTables) {
- if (matchPath(splittedResources[1], xTable)) {
- matchFound = true;
- }
- }
- }
- if (!matchFound) {
- continue;
- }
+ // 3. does current policy match the column?
+ String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ",");
- if (xColumns == null) {
- policyMatched = true;
- break;
- } else {
- if (numberOfResources < 3) {
- continue;
- }
- }
+ matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns);
- matchFound = false;
- for (String xColumn : xColumns) {
- if (matchPath(splittedResources[2], xColumn)) {
- policyMatched = true;
- break;
- }
- }
- if (!matchFound) {
- continue;
- }
- } else { // only condition 2 is true
-
- if (dbTableType == AppConstants.POLICY_EXCLUSION) {
- for (String xTable : xTables) {
- if (matchPath(splittedResources[1], xTable)) {
- continue;
- }
- }
- } else {
- matchFound = false;
- for (String xTable : xTables) {
- if (matchPath(splittedResources[1], xTable)) {
- matchFound = true;
- }
- }
- if (!matchFound) {
- continue;
- }
- }
-
- if (xColumns == null) {
- return true;
- } else {
- if (numberOfResources < 3) {
- return false;
- }
- }
+ if(xResource.getColumnType() == AppConstants.POLICY_EXCLUSION) {
+ matchFound = !matchFound;
+ }
- if (dbColumnType == AppConstants.POLICY_EXCLUSION) {
- for (String xColumn : xColumns) {
- if (matchPath(splittedResources[2], xColumn)) {
- continue;
- }
- }
- } else {
- matchFound = false;
- for (String xColumn : xColumns) {
- if (matchPath(splittedResources[2], xColumn)) {
- matchFound = true;
- }
- }
- if (!matchFound) {
- continue;
- }
- }
- }
+ if (!matchFound) {
+ continue;
} else {
- // Only admin is allowed to create exclude policies.
- boolean isAdmin = ContextUtil.getCurrentUserSession()
- .isUserAdmin();
- return isAdmin;
+ policyMatched = true;
+ break;
}
-
- // if (isXResourceInc && isReqResourceInc) { // True and True
- // matchFound = false;
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- //
- // if (xColumns == null) {
- // policyMatched = true;
- // break;
- // } else {
- // if (numberOfResources < 3) {
- // continue;
- // }
- // }
- //
- // matchFound = false;
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // policyMatched = true;
- // break;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- // } else if (isXResourceInc) { // only condition 1 is true
- //
- // if (reqTableType == AppConstants.POLICY_EXCLUSION) {
- // matchFound = false;
- // for (String xTable : xTables) {
- // if (xTable.equals("*")) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- //
- // } else {
- // matchFound = false;
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- // }
- //
- // if (xColumns == null) {
- // policyMatched = true;
- // break;
- // } else {
- // if (numberOfResources < 3) {
- // continue;
- // }
- // }
- //
- // if (reqColumnType == AppConstants.POLICY_EXCLUSION) {
- // matchFound = false;
- // for (String xColumn : xColumns) {
- // if (xColumn.equals("*")) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- //
- // } else {
- // matchFound = false;
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- // }
- //
- // } else if (isReqResourceInc) { // only condition 2 is true
- //
- // if (dbTableType == AppConstants.POLICY_EXCLUSION) {
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // continue;
- // }
- // }
- // } else {
- // matchFound = false;
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- // }
- //
- // if (xColumns == null) {
- // return true;
- // } else {
- // if (numberOfResources < 3) {
- // return false;
- // }
- // }
- //
- // if (dbColumnType == AppConstants.POLICY_EXCLUSION) {
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // continue;
- // }
- // }
- // } else {
- // matchFound = false;
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // continue;
- // }
- // }
-
- // } else { //else cases
- // if (dbTableType == AppConstants.POLICY_EXCLUSION) {
- // if (reqTableType == AppConstants.POLICY_EXCLUSION) {
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // continue;
- // }
- // }
- // } else {
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // continue;
- // }
- // }
- // }
- // } else {
- // if (reqTableType == AppConstants.POLICY_EXCLUSION) {
- // matchFound = false;
- // for (String xTable : xTables) {
- // if (xTable.equals("*")) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // return false;
- // }
- // } else {
- // for (String xTable : xTables) {
- // if (matchPath(splittedResources[1], xTable)) {
- // continue;
- // }
- // }
- // }
- // }
- //
- // if (xColumns == null) {
- // return true;
- // } else {
- // if (numberOfResources < 3) {
- // return false;
- // }
- // }
- //
- // if (dbColumnType == AppConstants.POLICY_EXCLUSION) {
- // if (reqColumnType == AppConstants.POLICY_EXCLUSION) {
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // continue;
- // }
- // }
- // } else {
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // continue;
- // }
- // }
- // }
- // } else {
- // if (reqColumnType == AppConstants.POLICY_EXCLUSION) {
- // matchFound = false;
- // for (String xColumn : xColumns) {
- // if (xColumn.equals("*")) {
- // matchFound = true;
- // }
- // }
- // if (!matchFound) {
- // return false;
- // }
- // } else {
- // for (String xColumn : xColumns) {
- // if (matchPath(splittedResources[2], xColumn)) {
- // continue;
- // }
- // }
- // }
- // }
- //
- // }
}
}
return policyMatched;
@@ -1514,6 +1169,10 @@ public class XABizUtil {
*/
private boolean matchPath(String pathToCheckFragment,
String wildCardPathFragment) {
+ if(pathToCheckFragment == null || wildCardPathFragment == null) {
+ return false;
+ }
+
if (pathToCheckFragment.contains("*")
|| pathToCheckFragment.contains("?")) {
pathToCheckFragment = replaceMetaChars(pathToCheckFragment);
@@ -1536,6 +1195,18 @@ public class XABizUtil {
}
}
}
+
+ private boolean matchPath(String pathToCheck, String[] wildCardPaths) {
+ if (pathToCheck != null && wildCardPaths != null) {
+ for (String wildCardPath : wildCardPaths) {
+ if (matchPath(pathToCheck, wildCardPath)) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+ }
/**
* This method returns true if first parameter value is equal to others
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/security-admin/src/main/java/com/xasecure/common/StringUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/StringUtil.java b/security-admin/src/main/java/com/xasecure/common/StringUtil.java
index 1a66459..8dc3e14 100644
--- a/security-admin/src/main/java/com/xasecure/common/StringUtil.java
+++ b/security-admin/src/main/java/com/xasecure/common/StringUtil.java
@@ -22,6 +22,7 @@ public class StringUtil implements Serializable {
static final public String VALIDATION_ALPHA = "[a-z,A-Z]*";
static final public String VALIDATION_IP_ADDRESS = "[\\d\\.\\%\\:]*";
+ static final public String WILDCARD_ASTERISK = "*";
static HashMap<String, Pattern> compiledRegEx = new HashMap<String, Pattern>();
@@ -50,6 +51,10 @@ public class StringUtil implements Serializable {
return false;
}
+ public boolean isEmptyOrWildcardAsterisk(String str) {
+ return isEmpty(str) || str.equals(WILDCARD_ASTERISK);
+ }
+
public boolean equals(String str1, String str2) {
if (str1 == str2) {
return true;
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
index 0122639..ac58ac7 100644
--- a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
@@ -647,10 +647,10 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
}
if (!stringUtil.isEmpty(vXPolicy.getDatabases())) {
resourceType = AppConstants.RESOURCE_DB;
- if (!stringUtil.isEmpty(vXPolicy.getTables())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getTables())) {
resourceType = AppConstants.RESOURCE_TABLE;
}
- if (!stringUtil.isEmpty(vXPolicy.getColumns())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumns())) {
resourceType = AppConstants.RESOURCE_COLUMN;
}
if (!stringUtil.isEmpty(vXPolicy.getUdfs())) {
@@ -658,15 +658,15 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
}
} else if (!stringUtil.isEmpty(vXPolicy.getTables())) {
resourceType = AppConstants.RESOURCE_TABLE;
- if (!stringUtil.isEmpty(vXPolicy.getColumnFamilies())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumnFamilies())) {
resourceType = AppConstants.RESOURCE_COL_FAM;
}
- if (!stringUtil.isEmpty(vXPolicy.getColumns())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumns())) {
resourceType = AppConstants.RESOURCE_COLUMN;
}
} else if (!stringUtil.isEmpty(vXPolicy.getTopologies())) {
resourceType = AppConstants.RESOURCE_TOPOLOGY;
- if (!stringUtil.isEmpty(vXPolicy.getServices())) {
+ if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getServices())) {
resourceType = AppConstants.RESOURCE_SERVICE_NAME;
}
}
[3/3] git commit: Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/incubator-argus
Posted by ma...@apache.org.
Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/incubator-argus
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/02a35cc6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/02a35cc6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/02a35cc6
Branch: refs/heads/master
Commit: 02a35cc6144e308f37e27a978aed114568c95aed
Parents: 8be10c1 043d3da
Author: mneethiraj <mn...@hortonworks.com>
Authored: Thu Sep 11 19:12:20 2014 -0700
Committer: mneethiraj <mn...@hortonworks.com>
Committed: Thu Sep 11 19:12:20 2014 -0700
----------------------------------------------------------------------
.../java/com/xasecure/audit/dao/BaseDao.java | 29 +++++++++++++-------
.../hadoop/config/XaSecureConfiguration.java | 25 +++++++++++++----
.../pdp/config/Jersey2PolicyRefresher.java | 25 +++++++++++++----
.../xasecure/pdp/config/PolicyRefresher.java | 25 +++++++++++++----
.../com/xasecure/pdp/hbase/HBaseAuthDB.java | 25 +++++++++++++----
.../com/xasecure/pdp/hbase/HBaseAuthRules.java | 25 +++++++++++++----
.../com/xasecure/pdp/hbase/URLBasedAuthDB.java | 25 +++++++++++++----
.../xasecure/pdp/hbase/XASecureAuthorizer.java | 25 +++++++++++++----
.../com/xasecure/pdp/hdfs/URLBasedAuthDB.java | 25 +++++++++++++----
.../java/com/xasecure/pdp/hive/HiveAuthDB.java | 25 +++++++++++++----
.../com/xasecure/pdp/hive/HiveAuthRule.java | 25 +++++++++++++----
.../pdp/hive/HiveAuthorizationProviderBase.java | 25 +++++++++++++----
.../com/xasecure/pdp/hive/URLBasedAuthDB.java | 25 +++++++++++++----
.../com/xasecure/pdp/utils/XaSecureUtils.java | 25 +++++++++++++----
.../com/xasecure/authorization/hbase/Crypt.java | 25 +++++++++++++----
.../hbase/HBaseAccessController.java | 25 +++++++++++++----
.../hbase/HBaseAccessControllerFactory.java | 25 +++++++++++++----
.../hbase/XaSecureAccessControlFilter.java | 25 +++++++++++++----
.../hbase/XaSecureAuthorizationCoprocessor.java | 25 +++++++++++++----
.../hadoop/HDFSAccessVerifier.java | 25 +++++++++++++----
.../hadoop/HDFSAccessVerifierFactory.java | 25 +++++++++++++----
.../agent/AuthCodeInjectionJavaAgent.java | 25 +++++++++++++----
.../agent/HadoopAuthClassTransformer.java | 25 +++++++++++++----
.../XaSecureAccessControlException.java | 25 +++++++++++++----
.../namenode/XaSecureFSPermissionChecker.java | 25 +++++++++++++----
.../hadoop/security/SecureClientLogin.java | 25 +++++++++++++----
.../java/com/xasecure/biz/AssetMgrBase.java | 27 ++++++++++++------
.../main/java/com/xasecure/biz/UserMgrBase.java | 27 ++++++++++++------
.../java/com/xasecure/biz/XAuditMgrBase.java | 27 ++++++++++++------
.../java/com/xasecure/biz/XUserMgrBase.java | 27 ++++++++++++------
.../java/com/xasecure/common/AppConstants.java | 27 ++++++++++++------
.../java/com/xasecure/common/XACommonEnums.java | 27 ++++++++++++------
.../java/com/xasecure/common/db/BaseDao.java | 29 +++++++++++++-------
.../java/com/xasecure/common/view/VList.java | 29 +++++++++++++-------
.../main/java/com/xasecure/db/XADaoManager.java | 29 +++++++++++++-------
.../java/com/xasecure/db/XADaoManagerBase.java | 27 ++++++++++++------
.../java/com/xasecure/db/XXAccessAuditDao.java | 27 ++++++++++++------
.../main/java/com/xasecure/db/XXAssetDao.java | 27 ++++++++++++------
.../java/com/xasecure/db/XXAuditMapDao.java | 27 ++++++++++++------
.../java/com/xasecure/db/XXAuthSessionDao.java | 27 ++++++++++++------
.../com/xasecure/db/XXCredentialStoreDao.java | 27 ++++++++++++------
.../main/java/com/xasecure/db/XXDBBaseDao.java | 27 ++++++++++++------
.../main/java/com/xasecure/db/XXGroupDao.java | 29 +++++++++++++-------
.../java/com/xasecure/db/XXGroupGroupDao.java | 27 ++++++++++++------
.../java/com/xasecure/db/XXGroupUserDao.java | 29 +++++++++++++-------
.../main/java/com/xasecure/db/XXPermMapDao.java | 27 ++++++++++++------
.../com/xasecure/db/XXPolicyExportAuditDao.java | 27 ++++++++++++------
.../java/com/xasecure/db/XXPortalUserDao.java | 29 +++++++++++++-------
.../com/xasecure/db/XXPortalUserRoleDao.java | 29 +++++++++++++-------
.../java/com/xasecure/db/XXResourceDao.java | 29 +++++++++++++-------
.../main/java/com/xasecure/db/XXTrxLogDao.java | 27 ++++++++++++------
.../main/java/com/xasecure/db/XXUserDao.java | 29 +++++++++++++-------
.../java/com/xasecure/entity/XXAccessAudit.java | 27 ++++++++++++------
.../main/java/com/xasecure/entity/XXAsset.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXAuditMap.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXAuthSession.java | 27 ++++++++++++------
.../com/xasecure/entity/XXCredentialStore.java | 27 ++++++++++++------
.../main/java/com/xasecure/entity/XXDBBase.java | 27 ++++++++++++------
.../main/java/com/xasecure/entity/XXGroup.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXGroupGroup.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXGroupUser.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXPermMap.java | 27 ++++++++++++------
.../xasecure/entity/XXPolicyExportAudit.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXPortalUser.java | 27 ++++++++++++------
.../com/xasecure/entity/XXPortalUserRole.java | 27 ++++++++++++------
.../java/com/xasecure/entity/XXResource.java | 27 ++++++++++++------
.../main/java/com/xasecure/entity/XXTrxLog.java | 27 ++++++++++++------
.../main/java/com/xasecure/entity/XXUser.java | 27 ++++++++++++------
.../com/xasecure/entity/view/VXXTrxLog.java | 29 +++++++++++++-------
.../com/xasecure/service/UserServiceBase.java | 27 ++++++++++++------
.../service/XAccessAuditServiceBase.java | 27 ++++++++++++------
.../com/xasecure/service/XAssetServiceBase.java | 27 ++++++++++++------
.../xasecure/service/XAuditMapServiceBase.java | 27 ++++++++++++------
.../service/XCredentialStoreServiceBase.java | 27 ++++++++++++------
.../service/XGroupGroupServiceBase.java | 27 ++++++++++++------
.../com/xasecure/service/XGroupServiceBase.java | 27 ++++++++++++------
.../xasecure/service/XGroupUserServiceBase.java | 27 ++++++++++++------
.../xasecure/service/XPermMapServiceBase.java | 27 ++++++++++++------
.../service/XPolicyExportAuditServiceBase.java | 27 ++++++++++++------
.../service/XPortalUserServiceBase.java | 27 ++++++++++++------
.../xasecure/service/XResourceServiceBase.java | 27 ++++++++++++------
.../xasecure/service/XTrxLogServiceBase.java | 27 ++++++++++++------
.../com/xasecure/service/XUserServiceBase.java | 27 ++++++++++++------
.../main/java/com/xasecure/util/XAEnumUtil.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXAccessAudit.java | 27 ++++++++++++------
.../com/xasecure/view/VXAccessAuditList.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXAsset.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXAssetList.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXAuditMap.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXAuditMapList.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXAuthSession.java | 27 ++++++++++++------
.../com/xasecure/view/VXAuthSessionList.java | 27 ++++++++++++------
.../com/xasecure/view/VXCredentialStore.java | 27 ++++++++++++------
.../xasecure/view/VXCredentialStoreList.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXDataObject.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXGroup.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXGroupGroup.java | 27 ++++++++++++------
.../com/xasecure/view/VXGroupGroupList.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXGroupList.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXGroupUser.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXGroupUserList.java | 27 ++++++++++++------
.../src/main/java/com/xasecure/view/VXLong.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXMessage.java | 27 ++++++++++++------
.../com/xasecure/view/VXPasswordChange.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXPermMap.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXPermMapList.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXPermObj.java | 29 +++++++++++++-------
.../java/com/xasecure/view/VXPermObjList.java | 29 +++++++++++++-------
.../main/java/com/xasecure/view/VXPolicy.java | 29 +++++++++++++-------
.../com/xasecure/view/VXPolicyExportAudit.java | 27 ++++++++++++------
.../xasecure/view/VXPolicyExportAuditList.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXPolicyList.java | 29 +++++++++++++-------
.../java/com/xasecure/view/VXPortalUser.java | 27 ++++++++++++------
.../com/xasecure/view/VXPortalUserList.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXRepository.java | 29 +++++++++++++-------
.../com/xasecure/view/VXRepositoryList.java | 29 +++++++++++++-------
.../main/java/com/xasecure/view/VXResource.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXResourceList.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXResponse.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXString.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXStringList.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXTrxLog.java | 27 ++++++++++++------
.../java/com/xasecure/view/VXTrxLogList.java | 27 ++++++++++++------
.../src/main/java/com/xasecure/view/VXUser.java | 27 ++++++++++++------
.../main/java/com/xasecure/view/VXUserList.java | 27 ++++++++++++------
security-admin/src/main/webapp/scripts/App.js | 25 +++++++++++------
.../collection_bases/VXAccessAuditListBase.js | 25 +++++++++++------
.../scripts/collection_bases/VXAssetListBase.js | 25 +++++++++++------
.../collection_bases/VXAuditMapListBase.js | 25 +++++++++++------
.../collection_bases/VXAuditRecordListBase.js | 25 +++++++++++------
.../collection_bases/VXAuthSessionListBase.js | 25 +++++++++++------
.../scripts/collection_bases/VXGroupListBase.js | 25 +++++++++++------
.../collection_bases/VXPermMapListBase.js | 25 +++++++++++------
.../VXPolicyExportAuditListBase.js | 25 +++++++++++------
.../collection_bases/VXPortalUserListBase.js | 25 +++++++++++------
.../collection_bases/VXResourceListBase.js | 25 +++++++++++------
.../collection_bases/VXTrxLogListBase.js | 25 +++++++++++------
.../scripts/collection_bases/VXUserListBase.js | 25 +++++++++++------
.../scripts/collections/VXAccessAuditList.js | 25 +++++++++++------
.../webapp/scripts/collections/VXAssetList.js | 25 +++++++++++------
.../scripts/collections/VXAuditMapList.js | 25 +++++++++++------
.../scripts/collections/VXAuditRecordList.js | 25 +++++++++++------
.../scripts/collections/VXAuthSessionList.js | 25 +++++++++++------
.../webapp/scripts/collections/VXGroupList.js | 25 +++++++++++------
.../webapp/scripts/collections/VXPermMapList.js | 25 +++++++++++------
.../collections/VXPolicyExportAuditList.js | 25 +++++++++++------
.../scripts/collections/VXPortalUserList.js | 25 +++++++++++------
.../scripts/collections/VXResourceList.js | 25 +++++++++++------
.../webapp/scripts/collections/VXTrxLogList.js | 25 +++++++++++------
.../webapp/scripts/collections/VXUserList.js | 25 +++++++++++------
.../scripts/collections/XABaseCollection.js | 25 +++++++++++------
.../webapp/scripts/controllers/Controller.js | 25 +++++++++++------
.../src/main/webapp/scripts/mgrs/SessionMgr.js | 25 +++++++++++------
.../scripts/model_bases/VXAccessAuditBase.js | 25 +++++++++++------
.../webapp/scripts/model_bases/VXAssetBase.js | 25 +++++++++++------
.../scripts/model_bases/VXAuditMapBase.js | 25 +++++++++++------
.../scripts/model_bases/VXAuditRecordBase.js | 25 +++++++++++------
.../scripts/model_bases/VXAuthSessionBase.js | 25 +++++++++++------
.../webapp/scripts/model_bases/VXGroupBase.js | 25 +++++++++++------
.../scripts/model_bases/VXPasswordChangeBase.js | 25 +++++++++++------
.../webapp/scripts/model_bases/VXPermMapBase.js | 25 +++++++++++------
.../model_bases/VXPolicyExportAuditBase.js | 25 +++++++++++------
.../scripts/model_bases/VXPortalUserBase.js | 25 +++++++++++------
.../scripts/model_bases/VXResourceBase.js | 25 +++++++++++------
.../webapp/scripts/model_bases/VXTrxLogBase.js | 25 +++++++++++------
.../webapp/scripts/model_bases/VXUserBase.js | 25 +++++++++++------
.../src/main/webapp/scripts/models/VAppState.js | 29 +++++++++++++-------
.../main/webapp/scripts/models/VXAccessAudit.js | 25 +++++++++++------
.../src/main/webapp/scripts/models/VXAsset.js | 25 +++++++++++------
.../main/webapp/scripts/models/VXAuditMap.js | 25 +++++++++++------
.../main/webapp/scripts/models/VXAuditRecord.js | 25 +++++++++++------
.../main/webapp/scripts/models/VXAuthSession.js | 25 +++++++++++------
.../src/main/webapp/scripts/models/VXGroup.js | 25 +++++++++++------
.../webapp/scripts/models/VXPasswordChange.js | 25 +++++++++++------
.../src/main/webapp/scripts/models/VXPermMap.js | 25 +++++++++++------
.../scripts/models/VXPolicyExportAudit.js | 25 +++++++++++------
.../main/webapp/scripts/models/VXPortalUser.js | 25 +++++++++++------
.../main/webapp/scripts/models/VXResource.js | 25 +++++++++++------
.../src/main/webapp/scripts/models/VXTrxLog.js | 25 +++++++++++------
.../src/main/webapp/scripts/models/VXUser.js | 25 +++++++++++------
.../main/webapp/scripts/models/XABaseModel.js | 25 +++++++++++------
.../src/main/webapp/scripts/utils/XAEnums.js | 25 +++++++++++------
.../src/main/webapp/scripts/utils/XAGlobals.js | 25 +++++++++++------
.../webapp/scripts/utils/XATemplateHelpers.js | 25 +++++++++++------
.../src/main/webapp/scripts/utils/XAUtils.js | 25 +++++++++++------
.../main/webapp/scripts/utils/XAViewUtils.js | 25 +++++++++++------
.../scripts/views/accounts/AccountCreate.js | 25 +++++++++++------
.../views/accounts/AccountDetailLayout.js | 25 +++++++++++------
.../scripts/views/accounts/AccountForm.js | 25 +++++++++++------
.../views/accounts/AccountTableLayout.js | 25 +++++++++++------
.../webapp/scripts/views/asset/AssetCreate.js | 25 +++++++++++------
.../webapp/scripts/views/asset/AssetForm.js | 25 +++++++++++------
.../scripts/views/asset/AssetTableLayout.js | 25 +++++++++++------
.../webapp/scripts/views/common/AddGroup.js | 25 +++++++++++------
.../scripts/views/common/DashboardLayout.js | 25 +++++++++++------
.../webapp/scripts/views/common/ErrorView.js | 25 +++++++++++------
.../main/webapp/scripts/views/common/Footer.js | 25 +++++++++++------
.../webapp/scripts/views/common/ProfileBar.js | 25 +++++++++++------
.../main/webapp/scripts/views/common/Spinner.js | 25 +++++++++++------
.../main/webapp/scripts/views/common/TopNav.js | 25 +++++++++++------
.../webapp/scripts/views/common/XABackgrid.js | 25 +++++++++++------
.../scripts/views/common/XATableLayout.js | 25 +++++++++++------
.../webapp/scripts/views/folders/FolderInfo.js | 25 +++++++++++------
.../scripts/views/hbase/HbasePolicyCreate.js | 25 +++++++++++------
.../scripts/views/hbase/HbasePolicyForm.js | 25 +++++++++++------
.../scripts/views/hbase/HbaseTableLayout.js | 25 +++++++++++------
.../scripts/views/hdfs/HDFSTableLayout.js | 25 +++++++++++------
.../scripts/views/hive/HivePolicyCreate.js | 25 +++++++++++------
.../webapp/scripts/views/hive/HivePolicyForm.js | 25 +++++++++++------
.../scripts/views/hive/HiveTableLayout.js | 25 +++++++++++------
.../scripts/views/knox/KnoxPolicyCreate.js | 25 +++++++++++------
.../webapp/scripts/views/knox/KnoxPolicyForm.js | 25 +++++++++++------
.../scripts/views/knox/KnoxTableLayout.js | 25 +++++++++++------
.../webapp/scripts/views/policy/PolicyCreate.js | 25 +++++++++++------
.../webapp/scripts/views/policy/PolicyForm.js | 25 +++++++++++------
.../views/policymanager/PolicyManagerLayout.js | 25 +++++++++++------
.../webapp/scripts/views/reports/AuditLayout.js | 25 +++++++++++------
.../scripts/views/reports/LoginSessionDetail.js | 25 +++++++++++------
.../views/reports/OperationDiffDetail.js | 25 +++++++++++------
.../scripts/views/reports/UserAccessLayout.js | 25 +++++++++++------
.../scripts/views/storm/StormPolicyCreate.js | 25 +++++++++++------
.../scripts/views/storm/StormPolicyForm.js | 25 +++++++++++------
.../scripts/views/storm/StormTableLayout.js | 25 +++++++++++------
.../webapp/scripts/views/user/UserProfile.js | 25 +++++++++++------
.../scripts/views/user/UserProfileForm.js | 25 +++++++++++------
.../webapp/scripts/views/users/GroupCreate.js | 25 +++++++++++------
.../webapp/scripts/views/users/GroupForm.js | 25 +++++++++++------
.../webapp/scripts/views/users/UserCreate.js | 25 +++++++++++------
.../main/webapp/scripts/views/users/UserForm.js | 25 +++++++++++------
.../main/webapp/scripts/views/users/UserInfo.js | 25 +++++++++++------
.../scripts/views/users/UserTableLayout.js | 25 +++++++++++------
231 files changed, 4121 insertions(+), 1892 deletions(-)
----------------------------------------------------------------------
[2/3] git commit: Misc: removed debug print statement
Posted by ma...@apache.org.
Misc: removed debug print statement
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/8be10c1e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/8be10c1e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/8be10c1e
Branch: refs/heads/master
Commit: 8be10c1eb6d898acdbd646672351356c9f30c789
Parents: b7c6e9e
Author: mneethiraj <mn...@hortonworks.com>
Authored: Thu Sep 11 19:12:11 2014 -0700
Committer: mneethiraj <mn...@hortonworks.com>
Committed: Thu Sep 11 19:12:11 2014 -0700
----------------------------------------------------------------------
security-admin/src/main/java/com/xasecure/biz/XABizUtil.java | 2 --
1 file changed, 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/8be10c1e/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index 91e1301..74c8328 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -730,8 +730,6 @@ public class XABizUtil {
} else {
// 2. does the policy match the table?
String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ",");
-
- System.out.println("tblName=" + tblName + "; xTables=" + xTables);
matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables);