atlas-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From shweth...@apache.org
Subject [1/3] incubator-atlas git commit: ATLAS-495 Atlas Ranger Authorization Plugin (nixonrodrigues via shwethags)
Date Fri, 20 May 2016 17:57:19 GMT
Repository: incubator-atlas
Updated Branches:
  refs/heads/master 19751c60b -> 353ea964e


http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java b/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java
deleted file mode 100644
index 9c4f1c7..0000000
--- a/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.atlas.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.apache.log4j.Logger;
-import org.springframework.util.DefaultPropertiesPersister;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-public class XMLPropertiesUtil extends DefaultPropertiesPersister {
-    private static Logger logger = Logger.getLogger(XMLPropertiesUtil.class);
-
-    public XMLPropertiesUtil() {
-    }
-
-    @Override
-    public void loadFromXml(Properties properties, InputStream inputStream)
-            throws IOException {
-        try {
-            DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
-                    .newInstance();
-            xmlDocumentBuilderFactory.setIgnoringComments(true);
-            xmlDocumentBuilderFactory.setNamespaceAware(true);
-            DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory
-                    .newDocumentBuilder();
-            Document xmlDocument = xmlDocumentBuilder.parse(inputStream);
-            xmlDocument.getDocumentElement().normalize();
-
-            NodeList nList = xmlDocument.getElementsByTagName("property");
-
-            for (int temp = 0; temp < nList.getLength(); temp++) {
-
-                Node nNode = nList.item(temp);
-
-                if (nNode.getNodeType() == Node.ELEMENT_NODE) {
-
-                    Element eElement = (Element) nNode;
-
-                    String propertyName = "";
-                    String propertyValue = "";
-                    if (eElement.getElementsByTagName("name").item(0) != null) {
-                        propertyName = eElement.getElementsByTagName("name")
-                                .item(0).getTextContent().trim();
-                    }
-                    if (eElement.getElementsByTagName("value").item(0) != null) {
-                        propertyValue = eElement.getElementsByTagName("value")
-                                .item(0).getTextContent().trim();
-                    }
-
-                    properties.put(propertyName, propertyValue);
-
-                }
-            }
-        } catch (Exception e) {
-            logger.error("Error loading : ", e);
-        }
-    }
-
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
index 13fc7da..d87120c 100644
--- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
+++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java
@@ -19,9 +19,9 @@
 package org.apache.atlas.web.filters;
 
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -31,13 +31,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.atlas.AtlasClient;
-import org.apache.atlas.AtlasException;
 import org.apache.atlas.authorize.AtlasAccessRequest;
-import org.apache.atlas.authorize.AtlasActionTypes;
 import org.apache.atlas.authorize.AtlasAuthorizationException;
 import org.apache.atlas.authorize.AtlasAuthorizer;
+import org.apache.atlas.authorize.AtlasAuthorizerFactory;
 import org.apache.atlas.authorize.AtlasResourceTypes;
-import org.apache.atlas.authorize.SimpleAtlasAuthorizer;
 import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -45,7 +43,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
-import static org.apache.atlas.authorize.AtlasAuthorizationUtils.*;
 
 import com.google.common.base.Strings;
 
@@ -53,23 +50,36 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
 
     private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationFilter.class);
     private static boolean isDebugEnabled = LOG.isDebugEnabled();
-    private AtlasAuthorizer authorizer = SimpleAtlasAuthorizer.getInstance();
+    private AtlasAuthorizer authorizer = null;
 
     private final String BASE_URL = "/" + AtlasClient.BASE_URI;
 
     public AtlasAuthorizationFilter() {
         if (isDebugEnabled) {
-            LOG.debug("<== AtlasAuthorizationFilter() -- " + "Now initializing the Apache
Atlas Authorizer!!!");
+            LOG.debug("==> AtlasAuthorizationFilter() -- " + "Now initializing the Apache
Atlas Authorizer!!!");
         }
-        authorizer.init();
+
+        try {
+            authorizer = AtlasAuthorizerFactory.getAtlasAuthorizer();
+            if (authorizer != null) {
+                authorizer.init();
+            } else {
+                LOG.warn("AtlasAuthorizer not initialized properly, please check the application
logs and add proper configurations.");
+            }
+        } catch (AtlasAuthorizationException e) {
+            LOG.error("Unable to obtain AtlasAuthorizer. ", e);
+        }
+
     }
 
     @Override
     public void destroy() {
         if (isDebugEnabled) {
-            LOG.debug("<== AtlasAuthorizationFilter destroy");
+            LOG.debug("==> AtlasAuthorizationFilter destroy");
+        }
+        if (authorizer != null) {
+            authorizer.cleanUp();
         }
-        authorizer.cleanUp();
         super.destroy();
     }
 
@@ -83,15 +93,13 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
 
         HttpServletRequest request = (HttpServletRequest) req;
         String pathInfo = request.getServletPath();
-        if (pathInfo.startsWith(BASE_URL)) {
+        if (!Strings.isNullOrEmpty(pathInfo) && pathInfo.startsWith(BASE_URL)) {
             if (isDebugEnabled) {
                 LOG.debug(pathInfo + " is a valid REST API request!!!");
             }
 
-            AtlasActionTypes action = getAtlasAction(request.getMethod());
             String userName = null;
-            List<String> groups = new ArrayList<String>();
-            StringBuilder sb = new StringBuilder();
+            Set<String> groups = new HashSet<String>();
 
             Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
@@ -101,37 +109,43 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
                 for (GrantedAuthority c : authorities) {
                     groups.add(c.getAuthority());
                 }
-                sb.append("============================\n");
-                sb.append("UserName ==>> " + userName + "\nGroups ==>> " + groups);
             } else {
                 if (LOG.isErrorEnabled()) {
                     LOG.error("Cannot obtain Security Context : " + auth);
                 }
                 throw new ServletException("Cannot obtain Security Context : " + auth);
             }
-
-            sb.append("\n" + "URL :: " + request.getRequestURL() + " Action :: " + action);
-            sb.append("\nrequest.getServletPath() :: " + pathInfo);
-            sb.append("\n============================\n");
-
+            AtlasAccessRequest atlasRequest = new AtlasAccessRequest(request, userName, groups);
             if (isDebugEnabled) {
-                LOG.debug(sb.toString());
+                LOG.debug("============================\n" + "UserName :: " + atlasRequest.getUser()
+ "\nGroups :: "
+                    + atlasRequest.getUserGroups() + "\nURL :: " + request.getRequestURL()
+ "\nAction :: "
+                    + atlasRequest.getAction() + "\nrequest.getServletPath() :: " + pathInfo
+                    + "\n============================\n");
             }
-            sb = null;
-            List<AtlasResourceTypes> atlasResourceType = getAtlasResourceType(pathInfo);
-            String resource = getAtlasResource(request, action);
-            AtlasAccessRequest atlasRequest =
-                new AtlasAccessRequest(atlasResourceType, resource, action, userName, groups);
+
             boolean accessAllowed = false;
-            try {
-                accessAllowed = authorizer.isAccessAllowed(atlasRequest);
-            } catch (AtlasAuthorizationException e) {
-                if (LOG.isErrorEnabled()) {
-                    LOG.error("Access Restricted. Could not process the request due to :
" + e);
+
+            Set<AtlasResourceTypes> atlasResourceTypes = atlasRequest.getResourceTypes();
+            if (atlasResourceTypes.size() == 1 && atlasResourceTypes.contains(AtlasResourceTypes.UNKNOWN))
{
+                // Allowing access to unprotected resource types
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Allowing access to unprotected resource types " + atlasResourceTypes);
+                }
+                accessAllowed = true;
+            } else {
+
+                try {
+                    if (authorizer != null) {
+                        accessAllowed = authorizer.isAccessAllowed(atlasRequest);
+                    }
+                } catch (AtlasAuthorizationException e) {
+                    if (LOG.isErrorEnabled()) {
+                        LOG.error("Access Restricted. Could not process the request :: "
+ e);
+                    }
+                }
+                if (isDebugEnabled) {
+                    LOG.debug("Authorizer result :: " + accessAllowed);
                 }
-            }
-            if (isDebugEnabled) {
-                LOG.debug("Authorizer result :: " + accessAllowed);
             }
             if (accessAllowed) {
                 if (isDebugEnabled) {
@@ -140,17 +154,17 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
                 chain.doFilter(req, res);
             } else {
                 JSONObject json = new JSONObject();
-                json.put("AuthorizationError", "Sorry you are not authorized for " + action.name()
+ " on "
-                    + atlasResourceType + " : " + resource);
+                json.put("AuthorizationError", "You are not authorized for " + atlasRequest.getAction().name()
+ " on "
+                    + atlasResourceTypes + " : " + atlasRequest.getResource());
                 HttpServletResponse response = (HttpServletResponse) res;
                 response.setContentType("application/json");
                 response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 
                 response.sendError(HttpServletResponse.SC_FORBIDDEN, json.toString());
                 if (isDebugEnabled) {
-                    LOG.debug("Sorry you are not authorized for " + action.name() + " on
" + atlasResourceType + " : "
-                        + resource);
-                    LOG.debug("Returning 403 since the access is blocked update!!!!");
+                    LOG.debug("You are not authorized for " + atlasRequest.getAction().name()
+ " on "
+                        + atlasResourceTypes + " : " + atlasRequest.getResource()
+                        + "\nReturning 403 since the access is blocked update!!!!");
                 }
                 return;
             }

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
index 9e5df45..34063b0 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java
@@ -22,7 +22,7 @@ import java.util.List;
 
 import javax.annotation.PostConstruct;
 
-import org.apache.atlas.util.PropertiesUtil;
+import org.apache.atlas.utils.PropertiesUtil;
 import org.apache.atlas.web.model.User;
 import org.apache.log4j.Logger;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
index e66b930..6037858 100644
--- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
+++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java
@@ -20,7 +20,7 @@ package org.apache.atlas.web.security;
 
 import java.util.List;
 import javax.annotation.PostConstruct;
-import org.apache.atlas.util.PropertiesUtil;
+import org.apache.atlas.utils.PropertiesUtil;
 import org.apache.atlas.web.model.User;
 import org.apache.log4j.Logger;
 import org.springframework.ldap.core.support.LdapContextSource;

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/webapp/src/main/webapp/WEB-INF/applicationContext.xml b/webapp/src/main/webapp/WEB-INF/applicationContext.xml
index b58952c..004c3a8 100644
--- a/webapp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/webapp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -24,9 +24,9 @@
 
 
         <import resource="classpath:/spring-security.xml" />
-        <bean id="xmlPropertyConfigurer" class="org.apache.atlas.util.XMLPropertiesUtil"
/>
+        <bean id="xmlPropertyConfigurer" class="org.apache.atlas.utils.XMLPropertiesUtil"
/>
 
-        <bean id="propertyConfigurer" class="org.apache.atlas.util.PropertiesUtil">
+        <bean id="propertyConfigurer" class="org.apache.atlas.utils.PropertiesUtil">
                 <property name="locations">
                         <list>
                                 <value>classpath:atlas-admin-site.xml

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java
b/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java
deleted file mode 100644
index 5fc4420..0000000
--- a/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java
+++ /dev/null
@@ -1,121 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.atlas.authorize;
-
-import org.testng.annotations.Test;
-
-import java.util.List;
-
-import static org.testng.Assert.assertEquals;
-import static org.testng.Assert.assertTrue;
-
-/**
- * Unit tests for AtlasAuthorizationUtils.
- */
-public class AtlasAuthorizationUtilsTest {
-    @Test
-    public void testGetApi() {
-        String contextPath = "/api/atlas/entities";
-        assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "entities");
-
-        contextPath = "/api/atlas/entities/111/traits";
-        assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "entities");
-
-        contextPath = "/api/atlas/v1/entities";
-        assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "v1/entities");
-
-        contextPath = "/api/atlas/v1/entities/111/tags";
-        assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "v1/entities");
-
-        // not sure of this use case but the code appears to support url's that don't
-        // begin with base url.
-        contextPath = "/foo/bar";
-        assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "foo");
-    }
-
-    @Test
-    public void testGetAtlasResourceType() throws Exception {
-        String contextPath = "/api/atlas/types";
-        List<AtlasResourceTypes> resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
-
-        contextPath = "/api/atlas/admin/foo";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.OPERATION));
-
-        contextPath = "/api/atlas/graph/foo";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.OPERATION));
-
-        contextPath = "/api/atlas/discovery/search/gremlin";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.OPERATION));
-
-        contextPath = "/api/atlas/entities/111/traits";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
-
-        contextPath = "/api/atlas/discovery/search";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
-
-        contextPath = "/api/atlas/entities?type=Column";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-
-        contextPath = "/api/atlas/lineage";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-
-        contextPath = "/api/atlas/v1/taxonomies";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TAXONOMY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-
-        contextPath = "/api/atlas/v1/taxonomies/taxonomy1/terms";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 4);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TAXONOMY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TERM));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
-
-        contextPath = "/api/atlas/v1/entities/111";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 1);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-
-        contextPath = "/api/atlas/v1/entities/111/tags/foo";
-        resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java b/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java
deleted file mode 100644
index 507d4c6..0000000
--- a/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import org.testng.annotations.Test;
-
-public class PolicyParserTest {
-
-    @Test
-    public void testParsePoliciesWithAllProperties() {
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
-        /* Creating group data */
-        Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String,
List<AtlasActionTypes>>();
-        List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>();
-        accessList1.add(AtlasActionTypes.READ);
-        accessList1.add(AtlasActionTypes.WRITE);
-        accessList1.add(AtlasActionTypes.UPDATE);
-
-        groupMap.put("grp1", accessList1);
-        List<AtlasActionTypes> accessList2 = new ArrayList<AtlasActionTypes>();
-        accessList2.add(AtlasActionTypes.UPDATE);
-        groupMap.put("grp2", accessList2);
-
-        /* Creating user data */
-        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String,
List<AtlasActionTypes>>();
-        List<AtlasActionTypes> usr1AccessList = new ArrayList<AtlasActionTypes>();
-        usr1AccessList.add(AtlasActionTypes.READ);
-        usersMap.put("usr1", usr1AccessList);
-
-        List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>();
-        usr2AccessList.add(AtlasActionTypes.READ);
-        usr2AccessList.add(AtlasActionTypes.WRITE);
-        usersMap.put("usr2", usr2AccessList);
-
-        /* Creating resources data */
-        Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes,
List<String>>();
-        List<String> resource1List = new ArrayList<String>();
-        resource1List.add("*abc");
-        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
-
-        List<String> resource2List = new ArrayList<String>();
-        resource2List.add("*xyz");
-        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
-
-        List<String> resource3List = new ArrayList<String>();
-        resource3List.add("PII");
-        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        for (PolicyDef def : policyDefs) {
-
-            assertEquals(def.getPolicyName(), "hivePolicy");
-            assertEquals(def.getGroups(), groupMap);
-            assertEquals(def.getUsers(), usersMap);
-            assertEquals(def.getResources(), resourceMap);
-
-        }
-
-    }
-
-    @Test
-    public void testParsePoliciesWithOutUserProperties() {
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
-        // Creating group data
-        Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String,
List<AtlasActionTypes>>();
-        List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>();
-        accessList1.add(AtlasActionTypes.READ);
-        accessList1.add(AtlasActionTypes.WRITE);
-        accessList1.add(AtlasActionTypes.UPDATE);
-
-        groupMap.put("grp1", accessList1);
-        List<AtlasActionTypes> accessList2 = new ArrayList<AtlasActionTypes>();
-        accessList2.add(AtlasActionTypes.UPDATE);
-        groupMap.put("grp2", accessList2);
-
-        // Creating user data
-        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String,
List<AtlasActionTypes>>();
-
-        // Creating resources data
-        Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes,
List<String>>();
-        List<String> resource1List = new ArrayList<String>();
-        resource1List.add("*abc");
-        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
-
-        List<String> resource2List = new ArrayList<String>();
-        resource2List.add("*xyz");
-        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
-
-        List<String> resource3List = new ArrayList<String>();
-        resource3List.add("PII");
-        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        for (PolicyDef def : policyDefs) {
-
-            assertEquals(def.getPolicyName(), "hivePolicy");
-            assertEquals(def.getGroups(), groupMap);
-            assertEquals(def.getUsers(), usersMap);
-            assertEquals(def.getResources(), resourceMap);
-
-        }
-
-    }
-
-    @Test
-    public void testParsePoliciesWithOutGroupProperties() {
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;;;entity:*abc,operation:*xyz,type:PII");
-        // Creating group data
-        Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String,
List<AtlasActionTypes>>();
-
-        // Creating user data
-        Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String,
List<AtlasActionTypes>>();
-        List<AtlasActionTypes> usr1AccessList = new ArrayList<AtlasActionTypes>();
-        usr1AccessList.add(AtlasActionTypes.READ);
-        usersMap.put("usr1", usr1AccessList);
-
-        List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>();
-        usr2AccessList.add(AtlasActionTypes.READ);
-        usr2AccessList.add(AtlasActionTypes.WRITE);
-        usersMap.put("usr2", usr2AccessList);
-
-        // Creating resources data
-        Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes,
List<String>>();
-        List<String> resource1List = new ArrayList<String>();
-        resource1List.add("*abc");
-        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
-
-        List<String> resource2List = new ArrayList<String>();
-        resource2List.add("*xyz");
-        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
-
-        List<String> resource3List = new ArrayList<String>();
-        resource3List.add("PII");
-        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        for (PolicyDef def : policyDefs) {
-            assertEquals(def.getPolicyName(), "hivePolicy");
-            assertEquals(def.getGroups(), groupMap);
-            assertEquals(def.getUsers(), usersMap);
-            assertEquals(def.getResources(), resourceMap);
-        }
-    }
-}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java b/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java
deleted file mode 100644
index 59e88c9..0000000
--- a/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java
+++ /dev/null
@@ -1,95 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import static org.junit.Assert.assertEquals;
-
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.testng.annotations.Test;
-
-public class PolicyUtilTest {
-
-    @Test
-    public void testCreatePermissionMap() {
-
-        HashMap<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes,
List<String>>();
-        List<String> resource1List = new ArrayList<String>();
-        resource1List.add("*abc");
-        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
-
-        List<String> resource2List = new ArrayList<String>();
-        resource2List.add("*xyz");
-        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
-
-        List<String> resource3List = new ArrayList<String>();
-        resource3List.add("PII");
-        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
-
-        Map<String, HashMap<AtlasResourceTypes, List<String>>> permissionMap
=
-            new HashMap<String, HashMap<AtlasResourceTypes, List<String>>>();
-        permissionMap.put("grp1", resourceMap);
-
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
-        List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies);
-
-        Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap
=
-            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
-
-        assertEquals(permissionMap, createdPermissionMap);
-
-    }
-
-    @Test
-    public void testMergeCreatePermissionMap() {
-
-        HashMap<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes,
List<String>>();
-        List<String> resource1List = new ArrayList<String>();
-        resource1List.add("*abc");
-        resourceMap.put(AtlasResourceTypes.ENTITY, resource1List);
-
-        List<String> resource2List = new ArrayList<String>();
-        resource2List.add("*x");
-        resource2List.add("*xyz");
-        resourceMap.put(AtlasResourceTypes.OPERATION, resource2List);
-
-        List<String> resource3List = new ArrayList<String>();
-        resource3List.add("PII");
-        resourceMap.put(AtlasResourceTypes.TYPE, resource3List);
-
-        Map<String, HashMap<AtlasResourceTypes, List<String>>> permissionMap
=
-            new HashMap<String, HashMap<AtlasResourceTypes, List<String>>>();
-        permissionMap.put("grp1", resourceMap);
-
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicys;;;;grp1:rwu;;entity:*abc,operation:*xyz,operation:*x");
-        policies.add("hivePolicy;;;;grp1:rwu;;entity:*abc,operation:*xyz");
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu;;entity:*abc,operation:*xyz");
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII");
-        List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies);
-
-        Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap
=
-            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
-
-        assertEquals(permissionMap, createdPermissionMap);
-
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
b/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
deleted file mode 100644
index 5041e6f..0000000
--- a/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.testng.AssertJUnit;
-import org.testng.annotations.Test;
-
-
-public class SimpleAtlasAuthorizerTest {
-
-    private static Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizerTest.class);
-    
-    @Test
-    public void testAccessAllowedForUserAndGroup() {
-
-        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap
= null;
-        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap
= null;
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:*abc,type:PII");
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        PolicyUtil policyUtil = new PolicyUtil();
-        // group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ,
AtlasAccessorTypes.GROUP);
-        // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
-        resourceType.add(AtlasResourceTypes.TYPE);
-        String resource = "xsdfhjabc";
-        AtlasActionTypes action = AtlasActionTypes.READ;
-        String user = "usr1";
-
-        List<String> userGroups = new ArrayList<String>();
-        userGroups.add("grp3");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action,
user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
-        try {
-            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
-            // getUserReadMap
-            AssertJUnit.assertEquals(true, isAccessAllowed);
-        } catch (AtlasAuthorizationException e) {
-            if (LOG.isErrorEnabled()) {
-                LOG.error("AtlasAuthorizationException in Unit Test", e);
-            }
-        }
-
-    }
-
-    @Test
-    public void testAccessAllowedForGroup() {
-
-        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap
= null;
-        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap
= null;
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        PolicyUtil policyUtil = new PolicyUtil();
-        // creating group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ,
AtlasAccessorTypes.GROUP);
-        // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
-        resourceType.add(AtlasResourceTypes.TYPE);
-        String resource = "PII";
-        AtlasActionTypes action = AtlasActionTypes.READ;
-        String user = "usr3";
-        List<String> userGroups = new ArrayList<String>();
-        userGroups.add("grp1");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action,
user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
-        try {
-            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
-            AssertJUnit.assertEquals(true, isAccessAllowed);
-        } catch (AtlasAuthorizationException e) {
-            if (LOG.isErrorEnabled()) {
-                LOG.error("AtlasAuthorizationException in Unit Test", e);
-            }
-           
-        }
-
-    }
-
-    @Test
-    public void testResourceNotAvailableInPolicy() {
-
-        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap
= null;
-        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap
= null;
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        PolicyUtil policyUtil = new PolicyUtil();
-        // group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ,
AtlasAccessorTypes.GROUP);
-        // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
-        resourceType.add(AtlasResourceTypes.TYPE);
-        String resource = "abc";
-        AtlasActionTypes action = AtlasActionTypes.READ;
-        String user = "usr1";
-        List<String> userGroups = new ArrayList<String>();
-        userGroups.add("grp1");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action,
user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
-        try {
-            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
-            AssertJUnit.assertEquals(false, isAccessAllowed);
-        } catch (AtlasAuthorizationException e) {
-            if (LOG.isErrorEnabled()) {
-                LOG.error("AtlasAuthorizationException in Unit Test", e);
-            }
-        }
-
-    }
-
-    @Test
-    public void testAccessNotAllowedForUserAndGroup() {
-
-        Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap
= null;
-        Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap
= null;
-        List<String> policies = new ArrayList<String>();
-        policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
-
-        List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
-        PolicyUtil policyUtil = new PolicyUtil();
-        // group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ,
AtlasAccessorTypes.GROUP);
-        // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
-        resourceType.add(AtlasResourceTypes.TYPE);
-        String resource = "PII";
-        AtlasActionTypes action = AtlasActionTypes.READ;
-        String user = "usr3";
-        List<String> userGroups = new ArrayList<String>();
-        userGroups.add("grp3");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action,
user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
-        try {
-            boolean isAccessAllowed = authorizer.isAccessAllowed(request);
-            AssertJUnit.assertEquals(false, isAccessAllowed);
-        } catch (AtlasAuthorizationException e) {
-            if (LOG.isErrorEnabled()) {
-                LOG.error("AtlasAuthorizationException in Unit Test", e);
-            }
-        }
-
-    }
-
-}



Mime
View raw message