You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2019/05/30 04:02:30 UTC
[ranger] branch ranger-0.7 updated: RANGER-2208: Code improvement
to fetch User/Group information and Service Config details
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch ranger-0.7
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/ranger-0.7 by this push:
new b661ac4 RANGER-2208: Code improvement to fetch User/Group information and Service Config details
b661ac4 is described below
commit b661ac4815d8c0fce04fb58756cb6729487451f1
Author: Bhavik Patel <bp...@apache.org>
AuthorDate: Tue Nov 27 13:31:34 2018 +0530
RANGER-2208: Code improvement to fetch User/Group information and Service Config details
Signed-off-by: Pradeep <pr...@apache.org>
---
.../main/java/org/apache/ranger/biz/XUserMgr.java | 71 ++++++
.../java/org/apache/ranger/rest/ServiceREST.java | 73 +++++-
.../java/org/apache/ranger/rest/XUserREST.java | 34 ++-
.../java/org/apache/ranger/biz/TestXUserMgr.java | 280 ++++++++++++++++++++-
.../org/apache/ranger/rest/TestServiceREST.java | 154 ++++++++++++
.../java/org/apache/ranger/rest/TestXUserREST.java | 113 +++++++++
6 files changed, 715 insertions(+), 10 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 410e3f8..54ae07e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -694,6 +694,12 @@ public class XUserMgr extends XUserMgrBase {
public VXUser getXUser(Long id) {
VXUser vXUser=null;
vXUser=xUserService.readResourceWithOutLogin(id);
+ if(vXUser != null){
+ if(!hasAccessToGetUserInfo(vXUser)){
+ logger.info("Logged-In user is not allowed to access requested user data.");
+ throw restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.");
+ }
+ }
if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
vXUser=getMaskedVXUser(vXUser);
}
@@ -707,6 +713,27 @@ public class XUserMgr extends XUserMgrBase {
public VXGroup getXGroup(Long id) {
VXGroup vXGroup=null;
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
+ .getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(
+ RangerConstants.ROLE_USER)) {
+
+ List<Long> listGroupId = daoManager.getXXGroupUser()
+ .findGroupIdListByUserId(loggedInVXUser.getId());
+
+ if (!listGroupId.contains(id)) {
+ logger.info("Logged-In user is not allowed to access requested user data.");
+ throw restErrorUtil
+ .create403RESTException("Logged-In user is not allowed to access requested group data.");
+ }
+
+ }
+ }
+ }
vXGroup=xGroupService.readResourceWithOutLogin(id);
if(vXGroup!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
vXGroup=getMaskedVXGroup(vXGroup);
@@ -1734,6 +1761,31 @@ public class XUserMgr extends XUserMgrBase {
searchCriteria.setSortBy("id");
vXGroupList=xGroupService.searchXGroups(searchCriteria);
}
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
+ .getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(
+ RangerConstants.ROLE_USER)) {
+
+ List<VXGroup> updatedList = new ArrayList<VXGroup>();
+
+ List<Long> listGroupId = daoManager.getXXGroupUser()
+ .findGroupIdListByUserId(loggedInVXUser.getId());
+
+ for (VXGroup group : vXGroupList.getList()) {
+ if (listGroupId.contains(group.getId())) {
+ updatedList.add(group);
+ }
+ }
+ logger.info("Logged-In user having user role will be able to fetch his own groups details.");
+ vXGroupList.setVXGroups(updatedList);
+
+ }
+ }
+ }
if(vXGroupList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
if(vXGroupList!=null && vXGroupList.getListSize()>0){
List<VXGroup> listMasked=new ArrayList<VXGroup>();
@@ -2245,6 +2297,25 @@ public class XUserMgr extends XUserMgrBase {
}
}
+ private boolean hasAccessToGetUserInfo(VXUser requestedVXUser) {
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
+ .getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(
+ RangerConstants.ROLE_USER)) {
+
+ return requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false;
+
+ }else{
+ return true;
+ }
+ }
+ }
+ return false;
+ }
public void denySelfRoleChange(String userName) {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null && session.getXXPortalUser()!=null) {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index b2a481b..f12da80 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -71,6 +71,7 @@ import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.common.ServiceUtil;
@@ -113,6 +114,7 @@ import org.apache.ranger.service.RangerPluginInfoService;
import org.apache.ranger.service.RangerPolicyService;
import org.apache.ranger.service.RangerServiceDefService;
import org.apache.ranger.service.RangerServiceService;
+import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.RangerExportPolicyList;
import org.apache.ranger.view.RangerPluginInfoList;
import org.apache.ranger.view.RangerPolicyList;
@@ -120,6 +122,7 @@ import org.apache.ranger.view.RangerServiceDefList;
import org.apache.ranger.view.RangerServiceList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXUser;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
@@ -203,6 +206,9 @@ public class ServiceREST {
@Autowired
JSONUtil jsonUtil;
+
+ @Autowired
+ XUserService xUserService;
private RangerPolicyEngineOptions delegateAdminOptions;
private RangerPolicyEngineOptions policySearchAdminOptions;
@@ -807,6 +813,19 @@ public class ServiceREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceId=" + id + ")");
}
ret = svcStore.getService(id);
+ if (ret != null) {
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+
+ ret = hideCriticalServiceDetailsForRoleUser(ret);
+ }
+ }
+ }
+ }
} catch(WebApplicationException excp) {
throw excp;
} catch(Throwable excp) {
@@ -845,6 +864,19 @@ public class ServiceREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getService(serviceName=" + name + ")");
}
ret = svcStore.getServiceByName(name);
+ if (ret != null) {
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+
+ ret = hideCriticalServiceDetailsForRoleUser(ret);
+ }
+ }
+ }
+ }
} catch(WebApplicationException excp) {
throw excp;
} catch(Throwable excp) {
@@ -887,8 +919,29 @@ public class ServiceREST {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.getServices()");
}
paginatedSvcs = svcStore.getPaginatedServices(filter);
+ if (paginatedSvcs != null && !paginatedSvcs.getList().isEmpty()) {
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+
+ List<RangerService> updateServiceList = new ArrayList<RangerService>();
+ for (RangerService rangerService : paginatedSvcs.getList()) {
+ if (rangerService != null) {
+ updateServiceList.add(hideCriticalServiceDetailsForRoleUser(rangerService));
+ }
+ }
- if(paginatedSvcs != null) {
+ if (updateServiceList != null && !updateServiceList.isEmpty()) {
+ paginatedSvcs.setList(updateServiceList);
+ }
+ }
+ }
+ }
+ }
+ if (paginatedSvcs != null) {
ret = new RangerServiceList();
ret.setServices(paginatedSvcs.getList());
@@ -3330,4 +3383,22 @@ public class ServiceREST {
}
return ret;
}
+
+ private RangerService hideCriticalServiceDetailsForRoleUser(RangerService rangerService) {
+ RangerService ret = rangerService;
+
+ ret.setConfigs(null);
+ ret.setDescription(null);
+ ret.setCreatedBy(null);
+ ret.setUpdatedBy(null);
+ ret.setCreateTime(null);
+ ret.setUpdateTime(null);
+ ret.setPolicyVersion(null);
+ ret.setPolicyUpdateTime(null);
+ ret.setTagVersion(null);
+ ret.setTagUpdateTime(null);
+ ret.setVersion(null);
+
+ return ret;
+ }
}
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index 3f25506..ec1dc26 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -17,11 +17,10 @@
* under the License.
*/
- package org.apache.ranger.rest;
+package org.apache.ranger.rest;
import java.util.HashMap;
import java.util.List;
-import java.util.Random;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.DELETE;
@@ -33,17 +32,20 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
+import org.apache.log4j.Logger;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.SessionMgr;
import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.common.annotation.RangerAnnotationClassName;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.db.RangerDaoManager;
@@ -150,6 +152,11 @@ public class XUserREST {
@Autowired
XResourceService xResourceService;
+ @Autowired
+ StringUtil stringUtil;
+
+ static final Logger logger = Logger.getLogger(XUserMgr.class);
+
// Handle XGroup
@GET
@Path("/groups/{id}")
@@ -372,9 +379,26 @@ public class XUserREST {
else if ((searchCriteria.getParamList().containsKey("name")) && userName!= null && userName.contains((String) searchCriteria.getParamList().get("name"))) {
searchCriteria.addParam("name", userName);
}
- else {
- String randomString = new Random().toString();
- searchCriteria.addParam("name", randomString);
+ }
+
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
+ .getLoginId());
+ if (loggedInVXUser != null) {
+ if (loggedInVXUser.getUserRoleList().size() == 1
+ && loggedInVXUser.getUserRoleList().contains(
+ RangerConstants.ROLE_USER)) {
+ logger.info("Logged-In user having user role will be able to fetch his own user details.");
+ if (!searchCriteria.getParamList().containsKey("name")) {
+ searchCriteria.addParam("name", loggedInVXUser.getName());
+ }else if(searchCriteria.getParamList().containsKey("name")
+ && !stringUtil.isEmpty(searchCriteria.getParamValue("name").toString())
+ && !searchCriteria.getParamValue("name").toString().equalsIgnoreCase(loggedInVXUser.getName())){
+ throw restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.");
+ }
+
+ }
}
}
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 826307e..aeb8ea2 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -24,6 +24,9 @@ import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
+
+import javax.ws.rs.WebApplicationException;
+
import org.apache.ranger.common.RangerCommonEnums;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.ContextUtil;
@@ -105,6 +108,7 @@ import org.mockito.runners.MockitoJUnitRunner;
public class TestXUserMgr {
private static Long userId = 8L;
+ private static String userLoginID = "testuser";
private static Integer emptyValue;
@@ -299,9 +303,29 @@ public class TestXUserMgr {
return policy;
}
+
+
@Test
public void test11CreateXUser() {
- setup();
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(true);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
VXUser vxUser = vxUser();
Collection<String> userRoleList = new ArrayList<String>();
userRoleList.add("test");
@@ -313,6 +337,7 @@ public class TestXUserMgr {
vXPortalUser.setUserRoleList(userRoleListVXPortaUser);
Mockito.when(xUserService.createResource(vxUser)).thenReturn(vxUser);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
XXModuleDefDao value = Mockito.mock(XXModuleDefDao.class);
Mockito.when(daoManager.getXXModuleDef()).thenReturn(value);
@@ -338,7 +363,6 @@ public class TestXUserMgr {
Mockito.verify(userMgr).createDefaultAccountUser(
(VXPortalUser) Mockito.anyObject());
- Mockito.verify(daoManager).getXXModuleDef();
Assert.assertNotNull(dbvxUser);
Assert.assertEquals(userId, dbvxUser.getId());
Assert.assertEquals(dbvxUser.getDescription(), vxUser.getDescription());
@@ -1363,7 +1387,17 @@ public class TestXUserMgr {
@Test
public void test45setUserRolesByExternalID() {
- setup();
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(true);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
XXPortalUserRoleDao xPortalUserRoleDao = Mockito
.mock(XXPortalUserRoleDao.class);
XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
@@ -1448,6 +1482,13 @@ public class TestXUserMgr {
userPermission.setUserName("xyz");
userPermission.setOwner("admin");
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(
xPortalUserRoleDao);
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(
@@ -1478,6 +1519,7 @@ public class TestXUserMgr {
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong()))
.thenReturn(xModuleDef);
Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName()))
.thenReturn(userProfile);
VXStringList vXStringList = xUserMgr.setUserRolesByExternalID(userId,
@@ -1609,7 +1651,17 @@ public class TestXUserMgr {
@Test
public void test47getUserRolesByExternalID() {
- setup();
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(true);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
XXPortalUserRoleDao xPortalUserRoleDao = Mockito
.mock(XXPortalUserRoleDao.class);
XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
@@ -1694,6 +1746,13 @@ public class TestXUserMgr {
userPermission.setUserName("xyz");
userPermission.setOwner("admin");
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(
xPortalUserRoleDao);
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(
@@ -1726,6 +1785,7 @@ public class TestXUserMgr {
Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName()))
.thenReturn(userProfile);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
VXStringList vXStringList = xUserMgr.getUserRolesByExternalID(userId);
Assert.assertNotNull(vXStringList);
}
@@ -1855,4 +1915,216 @@ public class TestXUserMgr {
.getLoginId());
Assert.assertNotNull(vXStringList);
}
+ @Test
+ public void test49getAdminUserDetailsWithUserHavingUSER_ROLE() {
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
+ VXUser vxUser = vxUser();
+ List<String> userRole = new ArrayList<String>();
+ userRole.add(RangerConstants.ROLE_ADMIN);
+ vxUser.setId(5L);
+ vxUser.setName("test3");
+ vxUser.setUserRoleList(userRole);
+ vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+ Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+ xUserMgr.getXUser(5L);
+ }
+
+ @Test
+ public void test50getKeyAdminUserDetailsWithUserHavingUSER_ROLE() {
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
+ VXUser vxUser = vxUser();
+ List<String> userRole = new ArrayList<String>();
+ userRole.add(RangerConstants.ROLE_KEY_ADMIN);
+ vxUser.setId(5L);
+ vxUser.setName("test3");
+ vxUser.setUserRoleList(userRole);
+ vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+ Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+ xUserMgr.getXUser(5L);
+ }
+
+
+
+ @Test
+ public void test51getErrorWhenRoleUserFetchAnotherUserGroupInfo() {
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+ List<String> permissionList = new ArrayList<String>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+
+ List<Long> groupIdList = new ArrayList<Long>();
+ groupIdList.add(2L);
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ loggedInUser.setGroupIdList(groupIdList);
+
+ VXUser vxUser = vxUser();
+ List<String> userRole = new ArrayList<String>();
+ userRole.add(RangerConstants.ROLE_USER);
+ vxUser.setId(8L);
+ vxUser.setName("test3");
+ vxUser.setUserRoleList(userRole);
+ vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+
+ XXGroupUserDao mockxxGroupUserDao = Mockito.mock(XXGroupUserDao.class);
+
+ Mockito.when(daoManager.getXXGroupUser()).thenReturn(mockxxGroupUserDao);
+ Mockito.when(mockxxGroupUserDao.findGroupIdListByUserId(loggedInUser.getId())).thenReturn(groupIdList);
+
+ Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested group data.")).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+ xUserMgr.getXGroup(5L);
+ }
+
+ @Test
+ public void test52RoleUserWillFetchOnlyHisOwnGroupDetails() {
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+ List<String> permissionList = new ArrayList<String>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+
+ List<Long> groupIdList = new ArrayList<Long>();
+ groupIdList.add(5L);
+
+ VXGroup expectedVXGroup = new VXGroup();
+ expectedVXGroup.setId(5L);
+ expectedVXGroup.setName("testGroup");
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ loggedInUser.setGroupIdList(groupIdList);
+
+ VXUser vxUser = vxUser();
+ List<String> userRole = new ArrayList<String>();
+ userRole.add(RangerConstants.ROLE_USER);
+ vxUser.setId(8L);
+ vxUser.setName("test3");
+ vxUser.setUserRoleList(userRole);
+ vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+ Mockito.when(xGroupService.readResourceWithOutLogin(5L)).thenReturn(expectedVXGroup);
+
+ VXGroup rcvVXGroup = xUserMgr.getXGroup(5L);
+ Assert.assertNotNull(rcvVXGroup);
+ Assert.assertEquals(expectedVXGroup.getId(), rcvVXGroup.getId());
+ Assert.assertEquals(expectedVXGroup.getName(), rcvVXGroup.getName());
+ }
+ @Test
+ public void test53getUserDetailsOfItsOwn() {
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+ List<String> permissionList = new ArrayList<String>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
+ VXUser vxUser = vxUser();
+ List<String> userRole = new ArrayList<String>();
+ userRole.add(RangerConstants.ROLE_USER);
+ vxUser.setId(8L);
+ vxUser.setName("test3");
+ vxUser.setUserRoleList(userRole);
+ vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+ Mockito.when(xUserService.readResourceWithOutLogin(8L)).thenReturn(vxUser);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
+ Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList);
+ VXUser expectedVXUser = xUserMgr.getXUser(8L);
+ Assert.assertNotNull(expectedVXUser);
+ Assert.assertEquals(expectedVXUser.getName(), vxUser.getName());
+ }
+
+
+
+ public void destroySession() {
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(null);
+ RangerContextHolder.setSecurityContext(context);
+ }
}
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 7d407f7..cee33c6 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -32,9 +32,12 @@ import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.biz.AssetMgr;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.biz.ServiceDBStore;
+import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.biz.ServiceMgr;
import org.apache.ranger.biz.TagDBStore;
import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.view.VXUser;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
@@ -1433,4 +1436,155 @@ public class TestServiceREST {
assert(true);
}
+
+ @Test
+ public void test44getServiceWillOnlyReturnNameIdAndTypeForRoleUser() throws Exception {
+ RangerService actualService = rangerService();
+
+ String userLoginID = "testuser";
+ Long userId = 8L;
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = new VXUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(svcStore.getService(Id)).thenReturn(actualService);
+
+ RangerService service = serviceREST.getService(Id);
+ Assert.assertNotNull(service);
+ Mockito.verify(svcStore).getService(Id);
+ Assert.assertNull(service.getDescription());
+ Assert.assertTrue(service.getConfigs().isEmpty());
+ Assert.assertEquals(service.getId(), Id);
+ Assert.assertEquals(service.getName(), "HDFS_1");
+ Assert.assertEquals(service.getType(), "1");
+ }
+
+ @Test
+ public void test45getServiceByNameWillOnlyReturnNameIdAndTypeForRoleUser() throws Exception {
+ RangerService actualService = rangerService();
+
+ String userLoginID = "testuser";
+ Long userId = 8L;
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = new VXUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(svcStore.getServiceByName(actualService.getName())).thenReturn(actualService);
+
+ RangerService service = serviceREST.getServiceByName(actualService.getName());
+ Assert.assertNotNull(service);
+ Mockito.verify(svcStore).getServiceByName(actualService.getName());
+ Assert.assertNull(service.getDescription());
+ Assert.assertTrue(service.getConfigs().isEmpty());
+ Assert.assertEquals(service.getId(), Id);
+ Assert.assertEquals(service.getName(), "HDFS_1");
+ Assert.assertEquals(service.getType(), "1");
+ }
+
+ @Test
+ public void test46getServices() throws Exception{
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ PList<RangerService> paginatedSvcs = new PList<RangerService>();
+ RangerService svc1 = rangerService();
+
+ String userLoginID = "testuser";
+ Long userId = 8L;
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = new VXUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
+ Map<String, String> configs = new HashMap<String, String>();
+ configs.put("username", "servicemgr");
+ configs.put("password", "servicemgr");
+ configs.put("namenode", "servicemgr");
+ configs.put("hadoop.security.authorization", "No");
+ configs.put("hadoop.security.authentication", "Simple");
+ configs.put("hadoop.security.auth_to_local", "");
+ configs.put("dfs.datanode.kerberos.principal", "");
+ configs.put("dfs.namenode.kerberos.principal", "");
+ configs.put("dfs.secondary.namenode.kerberos.principal", "");
+ configs.put("hadoop.rpc.protection", "Privacy");
+ configs.put("commonNameForCertificate", "");
+
+ RangerService svc2 = new RangerService();
+ svc2.setId(9L);
+ svc2.setConfigs(configs);
+ svc2.setCreateTime(new Date());
+ svc2.setDescription("service policy");
+ svc2.setGuid("1427365526516_835_1");
+ svc2.setIsEnabled(true);
+ svc2.setName("YARN_1");
+ svc2.setPolicyUpdateTime(new Date());
+ svc2.setType("yarn");
+ svc2.setUpdatedBy("Admin");
+ svc2.setUpdateTime(new Date());
+
+ List<RangerService> rangerServiceList = new ArrayList<RangerService>();
+ rangerServiceList.add(svc1);
+ rangerServiceList.add(svc2);
+
+ paginatedSvcs.setList(rangerServiceList);
+
+ SearchFilter filter = new SearchFilter();
+ Mockito.when(searchUtil.getSearchFilter(request, svcService.sortFields)).thenReturn(filter);
+ Mockito.when(svcStore.getPaginatedServices(filter)).thenReturn(paginatedSvcs);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ RangerServiceList retServiceList = serviceREST.getServices(request);
+ Assert.assertNotNull(retServiceList);
+ Assert.assertNull(retServiceList.getServices().get(0).getDescription());
+ Assert.assertTrue(retServiceList.getServices().get(0).getConfigs().isEmpty());
+ Assert.assertNull(retServiceList.getServices().get(1).getDescription());
+ Assert.assertTrue(retServiceList.getServices().get(1).getConfigs().isEmpty());
+ Assert.assertEquals(retServiceList.getServices().get(0).getId(), Id);
+ Assert.assertEquals(retServiceList.getServices().get(0).getName(), "HDFS_1");
+ Assert.assertEquals(retServiceList.getServices().get(0).getType(), "1");
+
+ Assert.assertEquals(retServiceList.getServices().get(1).getId(), svc2.getId());
+ Assert.assertEquals(retServiceList.getServices().get(1).getName(), "YARN_1");
+ Assert.assertEquals(retServiceList.getServices().get(1).getType(), "yarn");
+
+
+ }
}
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
index fceda02..1b0e750 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
@@ -35,8 +35,13 @@ import org.apache.ranger.common.SortField;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.db.XXGroupDao;
+import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.entity.XXResource;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
@@ -129,6 +134,7 @@ public class TestXUserREST {
@Mock SearchCriteria searchCriteria;
@Mock XGroupService xGroupService;
@Mock SearchUtil searchUtil;
+ @Mock StringUtil stringUtil;
@Mock VXLong vXLong;
@Mock HttpServletRequest request;
@Mock VXUser vXUser1;
@@ -1982,6 +1988,113 @@ public class TestXUserREST {
}
+ @SuppressWarnings({ "unchecked", "static-access" })
+ @Test
+ public void test113ErrorWhenRoleUserIsTryingToFetchAnotherUserDetails() {
+
+ destroySession();
+ String userLoginID = "testuser";
+ Long userId = 8L;
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = createVXUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ SearchCriteria testSearchCriteria=createsearchCriteria();
+ testSearchCriteria.addParam("name", "admin");
+
+ Mockito.when(searchUtil.extractCommonCriterias((HttpServletRequest)Mockito.any(), (List<SortField>)Mockito.any())).thenReturn(testSearchCriteria);
+
+ Mockito.when(searchUtil.extractCommonCriterias(request, xUserService.sortFields)).thenReturn(testSearchCriteria);
+ Mockito.when(searchUtil.extractString(request, testSearchCriteria, "emailAddress", "Email Address",null)).thenReturn("");
+ Mockito.when(searchUtil.extractInt(request, testSearchCriteria, "userSource", "User Source")).thenReturn(1);
+ Mockito.when(searchUtil.extractInt(request, testSearchCriteria, "isVisible", "User Visibility")).thenReturn(1);
+ Mockito.when(searchUtil.extractInt(request, testSearchCriteria, "status", "User Status")).thenReturn(1);
+ Mockito.when(searchUtil.extractStringList(request, testSearchCriteria, "userRoleList", "User Role List", "userRoleList", null,null)).thenReturn(new ArrayList<String>());
+
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+
+ xUserRest.searchXUsers(request);
+ }
+
+ @SuppressWarnings({ "unchecked", "static-access" })
+ @Test
+ public void test114RoleUserWillGetOnlyHisOwnUserDetails() {
+
+ destroySession();
+ String userLoginID = "testuser";
+ Long userId = 8L;
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+
+ VXUser loggedInUser = createVXUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
+ VXUserList expecteUserList = new VXUserList();
+ VXUser expectedUser = new VXUser();
+ expectedUser.setId(8L);
+ expectedUser.setName("testuser");
+ List<VXUser> userList = new ArrayList<VXUser>();
+ userList.add(expectedUser);
+ expecteUserList.setVXUsers(userList);
+
+ HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
+ SearchCriteria testSearchCriteria=createsearchCriteria();
+
+ Mockito.when(searchUtil.extractCommonCriterias((HttpServletRequest)Mockito.any(), (List<SortField>)Mockito.any())).thenReturn(testSearchCriteria);
+
+ Mockito.when(searchUtil.extractCommonCriterias(request, xUserService.sortFields)).thenReturn(testSearchCriteria);
+ Mockito.when(searchUtil.extractString(request, testSearchCriteria, "emailAddress", "Email Address",null)).thenReturn("");
+ Mockito.when(searchUtil.extractInt(request, testSearchCriteria, "userSource", "User Source")).thenReturn(1);
+ Mockito.when(searchUtil.extractInt(request, testSearchCriteria, "isVisible", "User Visibility")).thenReturn(1);
+ Mockito.when(searchUtil.extractInt(request, testSearchCriteria, "status", "User Status")).thenReturn(1);
+ Mockito.when(searchUtil.extractStringList(request, testSearchCriteria, "userRoleList", "User Role List", "userRoleList", null,null)).thenReturn(new ArrayList<String>());
+
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(xUserMgr.searchXUsers(testSearchCriteria)).thenReturn(expecteUserList);
+ VXUserList gotVXUserList=xUserRest.searchXUsers(request);
+
+ assertEquals(gotVXUserList.getList().size(), 1);
+ assertEquals(gotVXUserList.getList().get(0).getId(), expectedUser.getId());
+ assertEquals(gotVXUserList.getList().get(0).getName(), expectedUser.getName());
+ }
+
+
+ public void destroySession() {
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(null);
+ RangerContextHolder.setSecurityContext(context);
+ }
+
+
private HashMap<Long, Integer> creategroupVisibilityMap()
{