From mad...@apache.org
Subject git commit: ARGUS-17: GRANT/REVOKE REST API implementation in security admin
Date Tue, 26 Aug 2014 22:28:19 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master eddffcb4d -> 42748388d


ARGUS-17: GRANT/REVOKE REST API implementation in security admin

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/42748388
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/42748388
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/42748388

Branch: refs/heads/master
Commit: 42748388d9045c55e37e78e5c7df5a35f220b90c
Parents: eddffcb
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Tue Aug 26 14:16:06 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Tue Aug 26 14:16:06 2014 -0700

----------------------------------------------------------------------
 .../admin/client/XaAdminRESTClient.java         |   4 +-
 .../admin/client/datatype/GrantRevokeData.java  |   6 +
 .../hive/authorizer/XaSecureHiveAuthorizer.java |  15 +-
 .../authorizer/XaSecureHiveAuthorizerBase.java  |   9 +
 .../main/java/com/xasecure/biz/AssetMgr.java    | 686 ++++++++++++++++++-
 .../main/java/com/xasecure/biz/XABizUtil.java   |  26 +-
 .../main/java/com/xasecure/rest/AssetREST.java  |  52 +-
 .../com/xasecure/service/XAuditMapService.java  |  45 ++
 .../com/xasecure/service/XPermMapService.java   |  46 ++
 .../com/xasecure/service/XPolicyService.java    |   9 +-
 .../com/xasecure/service/XResourceService.java  |  45 ++
 .../com/xasecure/service/XTrxLogService.java    |  46 ++
 .../main/java/com/xasecure/view/VXPolicy.java   |  13 +
 13 files changed, 976 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java b/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
index 69f754c..7e1c9aa 100644
--- a/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
+++ b/agents-common/src/main/java/com/xasecure/admin/client/XaAdminRESTClient.java
@@ -134,7 +134,7 @@ public class XaAdminRESTClient implements XaAdminClient {
 
 			WebResource webResource = client.resource(mUrl + REST_URL_PATH_GRANT);
 
-			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).type(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, grData.toString());
+			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).type(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, grData.toJson());
 
 			if(response == null) {
 				throw new Exception("grantPrivilege(): unknown failure");
@@ -157,7 +157,7 @@ public class XaAdminRESTClient implements XaAdminClient {
 
 			WebResource webResource = client.resource(mUrl + REST_URL_PATH_REVOKE);
 
-			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).type(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, grData.toString());
+			ClientResponse response = webResource.accept(REST_EXPECTED_MIME_TYPE).type(REST_EXPECTED_MIME_TYPE).post(ClientResponse.class, grData.toJson());
 
 			if(response == null) {
 				throw new Exception("revokePrivilege(): unknown failure");

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
index a3d9112..117ae08 100644
--- a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
+++ b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
@@ -29,6 +29,8 @@ public class GrantRevokeData implements java.io.Serializable {
 	private String        tables;
 	private String        columns;
 	private String        columnFamilies;
+	private boolean       isEnabled;
+	private boolean       isAuditEnabled;
 	private List<PermMap> permMapList = new ArrayList<PermMap>();
 
 
@@ -112,6 +114,8 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.databases      = databases;
 		this.tables         = tables;
 		this.columns        = columns;
+		this.isAuditEnabled = true;
+		this.isEnabled      = true;
 
 		for(PermMap permMap : permMapList) {
 			this.permMapList.add(permMap);
@@ -130,6 +134,8 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.tables         = tables;
 		this.columns        = columns;
 		this.columnFamilies = columnFamilies;
+		this.isAuditEnabled = true;
+		this.isEnabled      = true;
 
 		for(PermMap permMap : permMapList) {
 			this.permMapList.add(permMap);

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
index a09b372..1308c04 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizer.java
@@ -174,7 +174,12 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 							    HiveAuthzContext          context)
 		      throws HiveAuthzPluginException, HiveAccessControlException {
 
-		UserGroupInformation ugi        =  this.getCurrentUserGroupInfo();
+		UserGroupInformation ugi =  this.getCurrentUserGroupInfo();
+
+		if(ugi == null) {
+			throw new HiveAccessControlException("Permission denied: user information not available");
+		}
+
 		XaHiveAccessContext hiveContext = this.getAccessContext(context);
 
 		if(LOG.isDebugEnabled()) {
@@ -658,7 +663,13 @@ public class XaSecureHiveAuthorizer extends XaSecureHiveAuthorizerBase {
 		List<GrantRevokeData.PermMap> permMapList = new ArrayList<GrantRevokeData.PermMap>();
 		permMapList.add(permMap);
 
-		grData.setHiveData(grantorPrincipal.getName(), repositoryName, database, table, columns, permMapList);
+		String grantor = grantorPrincipal != null ? grantorPrincipal.getName() : null;
+		
+		if(StringUtil.isEmpty(grantor)) {
+			LOG.warn("grantorPrincipal.getName() is null/empty!");
+		}
+		
+		grData.setHiveData(grantor, repositoryName, database, table, columns, permMapList);
 		
 		return grData;
 	}
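Review bot: A missing grantor is only logged in the added `if(StringUtil.isEmpty(grantor))` block, and `grData.setHiveData(grantor, ...)` is still called with a null or empty value, so a grant/revoke request with no identified requester is built and returned. The admin side appears to look up the requesting user by name (see `grantXResource` in AssetMgr.java in this commit), so it would be safer to fail closed here: replace the `LOG.warn(...)` with a throw of the access-denied exception this method is allowed to raise. The method's signature is outside the hunk, so the exact exception type is not visible. The warning text also says `grantorPrincipal.getName() is null/empty!` when `grantorPrincipal` itself is null, which makes the log misleading.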

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
index 0de4141..e5ed391 100644
--- a/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
+++ b/hive-agent/src/main/java/com/xasecure/authorization/hive/authorizer/XaSecureHiveAuthorizerBase.java
@@ -21,6 +21,7 @@ import org.apache.hadoop.hive.ql.security.authorization.plugin.HiveRoleGrant;
 import org.apache.hadoop.security.UserGroupInformation;
 
 import com.xasecure.authorization.hive.XaHiveAccessContext;
+import com.xasecure.authorization.utils.StringUtil;
 
 public abstract class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 
@@ -44,6 +45,14 @@ public abstract class XaSecureHiveAuthorizerBase implements HiveAuthorizer {
 		String userName = mHiveAuthenticator == null ? null : mHiveAuthenticator.getUserName();
 
 		mUgi = userName == null ? null : UserGroupInformation.createRemoteUser(userName);
+
+		if(mHiveAuthenticator == null) {
+			LOG.warn("XaSecureHiveAuthorizerBase.XaSecureHiveAuthorizerBase(): hiveAuthenticator is null");
+		} else if(StringUtil.isEmpty(userName)) {
+			LOG.warn("XaSecureHiveAuthorizerBase.XaSecureHiveAuthorizerBase(): hiveAuthenticator.getUserName() returned null/empty");
+		} else if(mUgi == null) {
+			LOG.warn(String.format("XaSecureHiveAuthorizerBase.XaSecureHiveAuthorizerBase(): UserGroupInformation.createRemoteUser(%s) returned null", userName));
+		}
 	}
 
 	public HiveMetastoreClientFactory getMetastoreClientFactory() {
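Review bot: The added `else if(StringUtil.isEmpty(userName))` branch may never fire for an empty but non-null name, because the unchanged line above only guards against null before calling `UserGroupInformation.createRemoteUser(userName)`. As far as I know, Hadoop's implementation rejects an empty user with an IllegalArgumentException and never returns null, so the exception would escape before any warning is logged and the `mUgi == null` branch would be unreachable; please confirm against the Hadoop version in use. Guarding the call the same way as the diagnostics, `mUgi = StringUtil.isEmpty(userName) ? null : UserGroupInformation.createRemoteUser(userName);`, keeps the two consistent and lets the new null check on `ugi` in XaSecureHiveAuthorizer deny access cleanly. What appears to be the constructor starts outside the hunk.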

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 2311bb3..2e6a3fb 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -55,6 +55,7 @@ import com.xasecure.entity.XXGroup;
 import com.xasecure.entity.XXPermMap;
 import com.xasecure.entity.XXPolicyExportAudit;
 import com.xasecure.entity.XXPortalUser;
+import com.xasecure.entity.XXPortalUserRole;
 import com.xasecure.entity.XXResource;
 import com.xasecure.entity.XXTrxLog;
 import com.xasecure.entity.XXUser;
@@ -220,7 +221,7 @@ public class AssetMgr extends AssetMgrBase {
 		if(vXResource.getPolicyName()!=null && !vXResource.getPolicyName().trim().isEmpty()){			
 			searchCriteria=new SearchCriteria();		
 			searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
-			vXResourceList=xResourceService.searchXResources(searchCriteria);
+			vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
 			//if policyname already exist then set null to generate from system
 			if(vXResourceList!=null && vXResourceList.getListSize()>0){
 				logger.error("policy already exist with name "+vXResource.getPolicyName());
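Review bot: `searchXResourcesWithoutLogin` replaces `searchXResources` here and in the six following hunks of this file, but its definition is not in this part of the diff, so what it drops has to be inferred from the name. If it skips the session-based filtering that `searchXResources` applies, these call sites now see every policy regardless of caller, including on the existing create/update paths that do have a logged-in user. That is probably what a name-uniqueness check wants, but it deserves a comment at each call site, e.g. `// unfiltered search: used only for the uniqueness check, result is never returned to the caller`, and a check that none of these lists reaches a response. The enclosing method starts and ends outside the hunk.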
@@ -237,7 +238,7 @@ public class AssetMgr extends AssetMgrBase {
 		if(vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty()){
 			searchCriteria=new SearchCriteria();
 			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
-			vXResourceList=xResourceService.searchXResources(searchCriteria);			
+			vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);			
 			if(vXResourceList!=null && vXResourceList.getListSize()>0){
 				tempPoliciesCount=vXResourceList.getListSize();
 			}	
@@ -248,7 +249,7 @@ public class AssetMgr extends AssetMgrBase {
 				vXResource.setPolicyName(tempPolicyName);
 				searchCriteria=new SearchCriteria();		
 				searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
-				vXResourceList=xResourceService.searchXResources(searchCriteria);
+				vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
 				//if policy name not exist then list will be empty and generated policyname will valid 
 				if(vXResourceList==null|| vXResourceList.getListSize()==0){
 					break;
@@ -329,7 +330,7 @@ public class AssetMgr extends AssetMgrBase {
 			searchCriteria.addParam("isRecursive", vXResource.getIsRecursive());
 		}
 		
-		VXResourceList vXResourceList=xResourceService.searchXResources(searchCriteria);		
+		VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);		
 		if(vXResourceList!=null && vXResourceList.getListSize()>0){
 			for(VXResource vXResourceTemp :vXResourceList.getList()){
 				if(vXResourceTemp.getId()!=vXResource.getId()){
@@ -355,7 +356,7 @@ public class AssetMgr extends AssetMgrBase {
 		if(vXResource.getPolicyName()!=null && !vXResource.getPolicyName().trim().isEmpty()){ 				
 			searchCriteria=new SearchCriteria();		
 			searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
-			vXResourceList=xResourceService.searchXResources(searchCriteria);	
+			vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);	
 			if(vXResourceList!=null && vXResourceList.getListSize()>0){
 				for (VXResource newVXResource : vXResourceList.getList()) {
 					if(vXResource.getId()!=newVXResource.getId() && vXResource.getPolicyName().trim().equalsIgnoreCase(newVXResource.getPolicyName().trim())){
@@ -377,7 +378,7 @@ public class AssetMgr extends AssetMgrBase {
 		if(vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty()){
 			searchCriteria=new SearchCriteria();
 			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
-			vXResourceList=xResourceService.searchXResources(searchCriteria);
+			vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
 			if(vXResourceList!=null && vXResourceList.getListSize()>0){
 				totalPoliciesCount=vXResourceList.getListSize();
 				tempPoliciesCount++;
@@ -398,7 +399,7 @@ public class AssetMgr extends AssetMgrBase {
 			while(true){
 				searchCriteria=new SearchCriteria();		
 				searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
-				vXResourceList=xResourceService.searchXResources(searchCriteria);				
+				vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);				
 				if(vXResourceList==null || vXResourceList.getListSize()==0){
 					break;
 				}else{
@@ -2261,4 +2262,675 @@ public class AssetMgr extends AssetMgrBase {
 		}
 		xaBizUtil.createTrxLog(trxLogList);
 	}
+	
+	public boolean isValidHttpsAuthentication(String repository,
+			X509Certificate[] certchain, boolean httpEnabled,
+			String ipAddress, boolean isSecure) {
+		boolean isValidAuthentication=false;
+		if (repository == null || repository.isEmpty()) {			
+			logger.error("Repository name not provided");
+			throw restErrorUtil.createRESTException("Unauthorized access.",
+					MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+		}
+		XXAsset xAsset = xADaoManager.getXXAsset().findByAssetName(repository);
+		if(xAsset==null){
+			logger.error("Requested repository not found");
+			throw restErrorUtil.createRESTException("No Data Found.",
+					MessageEnums.DATA_NOT_FOUND);
+		}
+		if(xAsset.getActiveStatus()==XACommonEnums.ACT_STATUS_DISABLED){
+			logger.error("Requested repository is disabled");
+			throw restErrorUtil.createRESTException("Unauthorized access.",
+					MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
+		}		
+		if (!httpEnabled) {
+			if (!isSecure) {
+				throw restErrorUtil.createRESTException("Unauthorized access -"
+						+ " only https allowed",
+						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+			}
+			if (certchain == null || certchain.length == 0) {
+				throw restErrorUtil.createRESTException("Unauthorized access -"
+						+ " unable to get client certificate",
+						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+			}
+		}		
+		String commonName = null;
+		if (certchain != null) {
+			X509Certificate clientCert = certchain[0];
+			String dn = clientCert.getSubjectX500Principal().getName();
+			try {
+				LdapName ln = new LdapName(dn);
+				for (Rdn rdn : ln.getRdns()) {
+					if (rdn.getType().equalsIgnoreCase("CN")) {
+						commonName = rdn.getValue() + "";
+						break;
+					}
+				}
+				if (commonName == null) {
+					throw restErrorUtil.createRESTException(
+							"Unauthorized access - Unable to find Common Name from ["
+									+ dn + "]",
+							MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+				}
+			} catch (InvalidNameException e) {
+				logger.error("Invalid Common Name.", e);
+				throw restErrorUtil.createRESTException(
+						"Unauthorized access - Invalid Common Name",
+						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+			}
+		}		
+		if (commonName != null) {
+			String config = xAsset.getConfig();
+			Map<String, String> configMap = jsonUtil.jsonToMap(config);
+			String cnFromConfig = configMap.get("commonNameForCertificate");
+			if (cnFromConfig == null
+					|| !commonName.equalsIgnoreCase(cnFromConfig)) {
+				throw restErrorUtil.createRESTException(
+						"Unauthorized access. expected [" + cnFromConfig
+								+ "], found [" + commonName + "]",
+						MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
+			}
+		}
+		isValidAuthentication=true;
+		return isValidAuthentication;
+	}
+	
+	public VXResource grantXResource(VXResource vXResource) {
+		if(vXResource==null){
+			return vXResource;
+		}
+		
+		//checks user exists or not
+		XXUser xUser = xADaoManager.getXXUser().findByUserName(vXResource.getOwner());		
+		if(xUser==null){
+			throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
+					MessageEnums.DATA_NOT_FOUND);
+		}	
+		XXPortalUser xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vXResource.getOwner());
+		if(xXPortalUser==null){
+			throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
+					MessageEnums.DATA_NOT_FOUND);
+		}
+		//checks repository exists or not
+		XXAsset xAsset = xADaoManager.getXXAsset().findByAssetName(vXResource.getAssetName());
+		if (xAsset == null) {
+			logger.error("Repository not found for asset : " + vXResource.getAssetName());
+			throw restErrorUtil.createRESTException("Repository for which"
+					+ " the policy is created, doesn't exist.",MessageEnums.DATA_NOT_FOUND);
+		}	
+		//checks repository active or not
+		if(xAsset.getActiveStatus()==XACommonEnums.ACT_STATUS_DISABLED){			
+				logger.error("Trying to create/update policy in disabled repository");
+				throw restErrorUtil.createRESTException("Resource "
+						+ "creation/updation not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
+			
+		}
+		vXResource.setAssetId(xAsset.getId());
+		vXResource.setAssetType(xAsset.getAssetType());
+		//create resource name/path for HIVE/Hbase policy.
+		if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+			createResourcePathForHive(vXResource);
+			vXResource.setIsRecursive(0);
+		} else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+			createResourcePathForHbase(vXResource);
+			vXResource.setIsRecursive(0);
+		}else{
+			logger.error("Invalid repository for grant operation" );
+			throw restErrorUtil.createRESTException(vXResource.getAssetName() +" is not a " 
+					+ " valid repository for grant operation",MessageEnums.OPER_NO_PERMISSION);
+		}
+		
+		//check whether resource contains multiple path or not
+		if(!stringUtil.isEmpty(vXResource.getName())){
+			String[] resources=vXResource.getName().trim().split(",");
+			if(resources!=null && resources.length>1){
+				logger.error("More than one resource found for grant operation in policy : " + vXResource.getName());
+				throw restErrorUtil.createRESTException("We did not find exact match for this resource : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
+			}
+		}else{
+			throw restErrorUtil.createRESTException("Invalid Resource Name : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
+		}
+		
+		//checks user is admin in resource or not
+		List<XXResource> xResourceList=xADaoManager.getXXResource().findByAssetId(xAsset.getId());		
+		if(xResourceList!=null){
+			boolean isAdmin=false;
+			List<XXPortalUserRole> xXPortalUserRoleList = xADaoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId());
+			if(xXPortalUserRoleList!=null && xXPortalUserRoleList.size()>0){
+				for(XXPortalUserRole xXPortalUserRole: xXPortalUserRoleList){
+					if(xXPortalUserRole.getUserRole().equalsIgnoreCase(XAConstants.ROLE_SYS_ADMIN)){
+						isAdmin=true;
+						break;
+					}
+				}
+			}			
+
+			if(!isAdmin){
+				if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+					String[] requestResNameList = vXResource.getName().trim().split(",");
+					if (stringUtil.isEmpty(vXResource.getUdfs())) {
+						int reqTableType = vXResource.getTableType();
+						int reqColumnType = vXResource.getColumnType();
+						for (String resourceName : requestResNameList) {
+							isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN,reqTableType,reqColumnType, false);
+							if (isAdmin) {
+								break;
+							}
+						}
+					} else {
+						for (String resourceName : requestResNameList) {
+							isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
+							if (isAdmin) {
+								break;
+							}
+						}
+					}						
+				}else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+					isAdmin=xaBizUtil.matchHbasePolicy(vXResource.getName(),xResourceList,null, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
+				}
+			}
+			if (!isAdmin) {
+				throw restErrorUtil.createRESTException("You're not permitted to perform "
+							+ "grant operation for resource path : " + vXResource.getName(),MessageEnums.OPER_NO_PERMISSION);
+			}
+		}
+		xResourceList=null;//explicit
+		//check whether resource exist or not
+		SearchCriteria searchCriteria=new SearchCriteria();
+		if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
+			searchCriteria.getParamList().put("fullname", vXResource.getName());
+			searchCriteria.getParamList().put("udfs", vXResource.getUdfs());
+			searchCriteria.getParamList().put("tableType", vXResource.getTableType());
+			searchCriteria.getParamList().put("columnType", vXResource.getColumnType());
+		}else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
+			searchCriteria.getParamList().put("fullname", vXResource.getName());
+		}
+		
+		VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
+		searchCriteria=null;		
+		//generate policy name if resource does not exist
+		if(vXResourceList==null || vXResourceList.getListSize()==0){
+			int tempPoliciesCount=0;
+			String tempPolicyName=null;
+			VXResourceList vXResourceListTemp=null;
+			if(vXResource.getPolicyName()==null ||vXResource.getPolicyName().trim().isEmpty()){
+				searchCriteria=new SearchCriteria();
+				searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
+				vXResourceListTemp=xResourceService.searchXResourcesWithoutLogin(searchCriteria);			
+				if(vXResourceListTemp!=null && vXResourceListTemp.getListSize()>0){
+					tempPoliciesCount=vXResourceListTemp.getListSize();
+				}	
+				vXResourceListTemp=null;
+				while(true){
+					tempPoliciesCount++;
+					tempPolicyName=xAsset.getName()+"-"+tempPoliciesCount+"-"+DateUtil.dateToString(DateUtil.getUTCDate(),"yyyyMMddHHmmss");
+					vXResource.setPolicyName(tempPolicyName);
+					searchCriteria=new SearchCriteria();		
+					searchCriteria.getParamList().put("policyName", vXResource.getPolicyName());
+					vXResourceListTemp=xResourceService.searchXResourcesWithoutLogin(searchCriteria);
+					//if policy name not exist then list will be empty and generated policyname will valid 
+					if(vXResourceListTemp==null|| vXResourceListTemp.getListSize()==0){
+						break;
+					}
+				}
+			}			
+		}else{
+			for(VXResource vXResourceDB:vXResourceList.getVXResources()){
+				if(vXResourceDB!=null){
+					vXResource.setId(vXResourceDB.getId());
+					vXResource.setPolicyName(vXResourceDB.getPolicyName());
+					break;
+				}
+			}			
+		}		
+		
+		//update addedby and updated by in permmap and auditmap
+		List<VXPermMap> permMapList=vXResource.getPermMapList();
+		List<VXAuditMap> auditMapList = vXResource.getAuditList();
+		VXPermMap vXPermMapTemp=null;
+		VXAuditMap vXAuditMapTemp=null;
+		XXUser xxUser=null;
+		XXGroup xxGroup=null;
+		for (int i=0;i< permMapList.size();i++) {
+			vXPermMapTemp=permMapList.get(i);
+			if(vXPermMapTemp==null){
+				continue;
+			}
+			if(stringUtil.isEmpty(vXPermMapTemp.getOwner())){
+				vXPermMapTemp.setOwner(vXResource.getOwner());
+			}
+			if(stringUtil.isEmpty(vXPermMapTemp.getUpdatedBy())){ 
+				vXPermMapTemp.setUpdatedBy(vXResource.getUpdatedBy());
+			}
+			if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+				if(vXPermMapTemp.getUserId()==null && !stringUtil.isEmpty(vXPermMapTemp.getUserName())){
+					xxUser = xADaoManager.getXXUser().findByUserName(vXPermMapTemp.getUserName());
+					if (xxUser != null) {
+						vXPermMapTemp.setUserId(xxUser.getId());
+					} else{
+						throw restErrorUtil.createRESTException("User : "+ vXPermMapTemp.getUserName() + " is Not Found",
+								MessageEnums.DATA_NOT_FOUND);
+					}
+				}
+			}
+			if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+				if(vXPermMapTemp.getGroupId()==null && !stringUtil.isEmpty(vXPermMapTemp.getGroupName())){
+					xxGroup = xADaoManager.getXXGroup().findByGroupName(
+							vXPermMapTemp.getGroupName());
+					if (xxGroup != null) {
+						vXPermMapTemp.setGroupId(xxGroup.getId());
+					}else{
+						throw restErrorUtil.createRESTException("Group : "+ vXPermMapTemp.getGroupName() + " is Not Found",
+								MessageEnums.DATA_NOT_FOUND);
+					} 
+				}
+			}
+			permMapList.set(i, vXPermMapTemp);				
+		}			
+		for (int i=0;i< auditMapList.size();i++) {
+			vXAuditMapTemp=auditMapList.get(i);
+			if(vXAuditMapTemp!=null && stringUtil.isEmpty(vXAuditMapTemp.getOwner())){
+				vXAuditMapTemp.setOwner(vXResource.getOwner());
+			}
+			if(vXAuditMapTemp!=null && stringUtil.isEmpty(vXAuditMapTemp.getUpdatedBy())){ 
+				vXAuditMapTemp.setUpdatedBy(vXResource.getUpdatedBy());
+			}
+			auditMapList.set(i, vXAuditMapTemp);
+		}
+		vXResource.setPermMapList(permMapList);
+		vXResource.setAuditList(auditMapList);		
+		
+		//create 	
+		List<XXTrxLog> trxLogList=null ;
+		if(vXResourceList==null || vXResourceList.getListSize()==0){			
+			vXResource = xResourceService.createResource(vXResource);
+			List<VXPermMap> newPermMapList = vXResource.getPermMapList();
+			List<VXAuditMap> newAuditMapList = vXResource.getAuditList();
+			trxLogList= xResourceService.getTransactionLog(vXResource, "create");	
+			for (VXPermMap vXPermMap : newPermMapList) {
+				trxLogList.addAll(xPermMapService.getTransactionLog(vXPermMap,
+						"create"));
+			}
+			for (VXAuditMap vXAuditMap : newAuditMapList) {
+				trxLogList.addAll(xAuditMapService.getTransactionLog(vXAuditMap,
+						"create"));
+			}			
+		}
+		
+		//update case
+		if(vXResourceList!=null && vXResourceList.getListSize()>0){
+			XXResource xXResource = xADaoManager.getXXResource().getById(vXResource.getId());
+			vXResource.setCreateDate(xXResource.getCreateTime());
+			vXResource.setUpdateDate(xXResource.getUpdateTime());
+			trxLogList = xResourceService.getTransactionLog(vXResource, xXResource, "update");
+			//VXResource resource = super.updateXResource(vXResource);			
+			searchCriteria = new SearchCriteria();
+			searchCriteria.addParam("resourceId", vXResource.getId());
+			VXPermMapList prevPermMaps = xPermMapService.searchXPermMaps(searchCriteria);
+			List<VXPermMap> prevPermMapList = new ArrayList<VXPermMap>();
+			List<VXPermMap> newPermMapList = vXResource.getPermMapList();
+			List<VXPermMap> permMapsAdded = new ArrayList<VXPermMap>();
+			//List<VXAuditMap> prevAuditMapList = new ArrayList<VXAuditMap>();			
+			if (prevPermMaps != null) {
+				prevPermMapList = prevPermMaps.getVXPermMaps();
+			}
+			// permission deletion processing start
+			String newKey=null;
+			String oldKey=null;
+			boolean isFound=false;
+			VXPermMap newObj=null;
+			VXPermMap oldObj =null;
+			if (newPermMapList != null && prevPermMapList!=null) {
+				for (int i=0;i<newPermMapList.size();i++) {
+					newObj=newPermMapList.get(i);
+					newObj.setResourceId(vXResource.getId());
+					isFound=false;
+					if(newObj==null||newObj.getResourceId()==null||newObj.getPermFor()==0||newObj.getPermType()==0 || (newObj.getUserId()==null&&newObj.getGroupId()==null)){
+						continue;					
+					}
+					newKey=null;
+					if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+						newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getUserId()+"_"+newObj.getPermType();
+					}
+					if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+						newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getGroupId()+"_"+newObj.getPermType();
+					}	
+					isFound=false;
+					oldObj =null;
+					for (int j=0;j<prevPermMapList.size();j++) {
+						oldObj=prevPermMapList.get(j);
+						if(oldObj==null||oldObj.getResourceId()==null||oldObj.getPermFor()==0||oldObj.getPermType()==0|| (oldObj.getUserId()==null&&oldObj.getGroupId()==null)){
+							continue;					
+						}
+						oldKey=null;
+						if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+							oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getUserId()+"_"+oldObj.getPermType();
+						}
+						if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+							oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getGroupId()+"_"+oldObj.getPermType();
+						}
+						if(stringUtil.isEmpty(newKey)|| stringUtil.isEmpty(oldKey)){
+							continue;
+						}
+						if(newKey.equals(oldKey)){
+							isFound=true;	
+							break;
+						}
+					}//inner for
+					if(!isFound){
+						newObj = xPermMapService.createResource(newObj);
+						trxLogList.addAll(xPermMapService.getTransactionLog(newObj,"create"));
+						permMapsAdded.add(newObj);
+					}
+				}//outer for			
+			}// delete permissions list populate end
+			else{
+				throw restErrorUtil.createRESTException("No permission list received for with current grant request",MessageEnums.DATA_NOT_FOUND);
+			}
+			if(prevPermMapList!=null && permMapsAdded!=null){
+				for(VXPermMap vXPermMap:permMapsAdded){
+					prevPermMapList.add(vXPermMap);
+				}
+				if(permMapsAdded.size()>0){
+					vXResource.setUpdateDate(DateUtil.getUTCDate());
+				}
+			}			
+			vXResource.setPermMapList(prevPermMapList);			
+			//resource.setAuditList(prevAuditMapList);
+		}//update close
+		
+		//update addedby and updatedby for trx log
+		XXTrxLog xXTrxLog=null;
+		if(trxLogList!=null){
+			for (int i=0;i< trxLogList.size();i++) {
+				xXTrxLog=trxLogList.get(i);
+				if(xXTrxLog!=null){
+					if(xXTrxLog.getAddedByUserId()==null || xXTrxLog.getAddedByUserId()==0){
+						xXTrxLog.setAddedByUserId(xXPortalUser.getId());
+					}
+					if(xXTrxLog.getUpdatedByUserId()==null || xXTrxLog.getUpdatedByUserId()==0){
+						xXTrxLog.setUpdatedByUserId(xXPortalUser.getId());
+					}
+				}
+				trxLogList.set(i, xXTrxLog);				
+			}
+		}		
+		xaBizUtil.createTrxLog(trxLogList);	
+
+		return vXResource;
+	}
+	
+	public VXResource revokeXResource(VXResource vXResource) {
+		if(vXResource==null){
+			return vXResource;
+		}
+		//checks user exists or not
+		XXUser xUser = xADaoManager.getXXUser().findByUserName(vXResource.getOwner());		
+		if(xUser==null){
+			throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
+					MessageEnums.DATA_NOT_FOUND);
+		}
+		XXPortalUser xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vXResource.getOwner());		
+		if(xXPortalUser==null){
+			throw restErrorUtil.createRESTException("User " +vXResource.getOwner() + " is Not Found",
+					MessageEnums.DATA_NOT_FOUND);
+		}
+		
+		//checks repository exists or not
+		XXAsset xAsset = xADaoManager.getXXAsset().findByAssetName(vXResource.getAssetName());
+		if (xAsset == null) {
+			logger.error("Repository not found for asset : " + vXResource.getAssetName());
+			throw restErrorUtil.createRESTException("Repository for which"
+					+ " the policy is created, doesn't exist.",MessageEnums.DATA_NOT_FOUND);
+		}	
+		//checks repository active or not
+		if(xAsset.getActiveStatus()==XACommonEnums.ACT_STATUS_DISABLED){			
+				logger.error("Trying to delete policy in disabled repository");
+				throw restErrorUtil.createRESTException("revoke "
+						+ " not allowed in disabled repository",MessageEnums.OPER_NO_PERMISSION);
+			
+		}
+		vXResource.setAssetId(xAsset.getId());
+		vXResource.setAssetType(xAsset.getAssetType());
+		//create resource name/path for HIVE/Hbase policy.
+		if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+			createResourcePathForHive(vXResource);
+		} else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+			createResourcePathForHbase(vXResource);
+		}else{
+			logger.error("Invalid repository type for grant operation : ");
+			throw restErrorUtil.createRESTException(vXResource.getAssetName() +" is not a " 
+					+ " valid repository for revoke operation",MessageEnums.OPER_NO_PERMISSION);
+		}
+		
+		//check whether resource exist or not
+		SearchCriteria searchCriteria=new SearchCriteria();
+		if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
+			searchCriteria.getParamList().put("fullname", vXResource.getName());
+			searchCriteria.getParamList().put("udfs", vXResource.getUdfs());
+			searchCriteria.getParamList().put("tableType", vXResource.getTableType());
+			searchCriteria.getParamList().put("columnType", vXResource.getColumnType());
+		}else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+			searchCriteria.getParamList().put("assetId", vXResource.getAssetId());
+			searchCriteria.getParamList().put("fullname", vXResource.getName());
+		}
+		
+		VXResourceList vXResourceList=xResourceService.searchXResourcesWithoutLogin(searchCriteria);			
+		//throw error if resource does not exist
+		if(vXResourceList==null || vXResourceList.getListSize()==0){
+			logger.error("Resource path not found : " + vXResource.getName());
+			throw restErrorUtil.createRESTException("Resource for which"
+					+ " revoke is requested, doesn't exist.",MessageEnums.DATA_NOT_FOUND);
+		}else{
+			for(VXResource vXResourceDB:vXResourceList.getVXResources()){
+				if(vXResourceDB!=null){
+					vXResource.setId(vXResourceDB.getId());
+					vXResource.setPolicyName(vXResourceDB.getPolicyName());
+					break;
+				}
+			}			
+		}
+		//check whether resource contains multiple path or not
+		if(!stringUtil.isEmpty(vXResource.getName())){
+			String[] resources=vXResource.getName().trim().split(",");
+			if(resources!=null && resources.length>1){
+				logger.error("More than one resource found for revoke operation in policy : " + vXResource.getName());
+				throw restErrorUtil.createRESTException("We did not find exact match for this resource : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
+			}
+		}else{
+			throw restErrorUtil.createRESTException("Invalid Resource Name : " + vXResource.getName(),MessageEnums.INVALID_INPUT_DATA);
+		}
+		
+		//checks grantor is admin in resource or not
+		List<XXPortalUserRole> xXPortalUserRoleList = xADaoManager.getXXPortalUserRole().findByParentId(xXPortalUser.getId());
+		List<XXResource> xResourceList=xADaoManager.getXXResource().findByAssetId(xAsset.getId());		
+		if(xResourceList!=null){
+			boolean isAdmin=false;
+			if(xXPortalUserRoleList!=null && xXPortalUserRoleList.size()>0){
+				for(XXPortalUserRole xXPortalUserRole: xXPortalUserRoleList){
+					if(xXPortalUserRole.getUserRole().equalsIgnoreCase(XAConstants.ROLE_SYS_ADMIN)){
+						isAdmin=true;
+						break;
+					}
+				}
+			}			
+			if(!isAdmin){
+				if (xAsset.getAssetType() == AppConstants.ASSET_HIVE) {
+					String[] requestResNameList = vXResource.getName().trim().split(",");
+					if (stringUtil.isEmpty(vXResource.getUdfs())) {
+						int reqTableType = vXResource.getTableType();
+						int reqColumnType = vXResource.getColumnType();
+						for (String resourceName : requestResNameList) {
+							isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN,reqTableType,reqColumnType, false);
+							if (isAdmin) {
+								break;
+							}
+						}
+					} else {
+						for (String resourceName : requestResNameList) {
+							isAdmin=xaBizUtil.matchHivePolicy(resourceName,xResourceList, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
+							if (isAdmin) {
+								break;
+							}
+						}
+					}						
+				}else if (xAsset.getAssetType() == AppConstants.ASSET_HBASE) {
+					isAdmin=xaBizUtil.matchHbasePolicy(vXResource.getName(),xResourceList,null, xUser.getId(),AppConstants.XA_PERM_TYPE_ADMIN);
+				}
+			}
+			if (!isAdmin) {
+				throw restErrorUtil.createRESTException("You're not permitted to perform "
+							+ "revoke operation for resource path : " + vXResource.getName(),MessageEnums.OPER_NO_PERMISSION);
+			}
+		}				
+		
+		//update addedby and updated by in permmap and auditmap			
+		List<VXPermMap> permMapList = vXResource.getPermMapList();	
+		if(permMapList==null || permMapList.size()==0){
+			throw restErrorUtil.createRESTException("No permission list received for with current revoke request",MessageEnums.DATA_NOT_FOUND);
+		}
+		VXPermMap vXPermMapTemp=null;		
+		XXUser xxUser =null;
+		XXGroup xxGroup =null;
+		for (int i=0;i< permMapList.size();i++) {
+			vXPermMapTemp=permMapList.get(i);
+			if(vXPermMapTemp!=null){
+				vXPermMapTemp.setResourceId(vXResource.getId());			
+				if(stringUtil.isEmpty(vXPermMapTemp.getOwner())){
+					vXPermMapTemp.setOwner(vXResource.getOwner());
+				}
+				if(stringUtil.isEmpty(vXPermMapTemp.getUpdatedBy())){
+					vXPermMapTemp.setUpdatedBy(vXResource.getUpdatedBy());
+				}
+				if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+					if(vXPermMapTemp.getUserId()==null && !stringUtil.isEmpty(vXPermMapTemp.getUserName())){
+						xxUser = xADaoManager.getXXUser().findByUserName(vXPermMapTemp.getUserName());
+						if (xxUser != null) {
+							vXPermMapTemp.setUserId(xxUser.getId());
+						} else{
+							throw restErrorUtil.createRESTException("User : "+ vXPermMapTemp.getUserName() + " is Not Found",
+									MessageEnums.DATA_NOT_FOUND);
+						}
+					}
+				}
+				if(vXPermMapTemp.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+					if(vXPermMapTemp.getGroupId()==null && !stringUtil.isEmpty(vXPermMapTemp.getGroupName())){
+						xxGroup = xADaoManager.getXXGroup().findByGroupName(
+								vXPermMapTemp.getGroupName());
+						if (xxGroup != null) {
+							vXPermMapTemp.setGroupId(xxGroup.getId());
+						}else{
+							throw restErrorUtil.createRESTException("Group : "+ vXPermMapTemp.getGroupName() + " is Not Found",
+									MessageEnums.DATA_NOT_FOUND);
+						} 
+					}
+				}		
+			}	
+			permMapList.set(i, vXPermMapTemp);	
+		}		
+		vXResource.setPermMapList(permMapList);
+		
+		//permission deletion preprocessing
+		XXResource xResource = xADaoManager.getXXResource().getById(
+				vXResource.getId());
+		vXResource.setCreateDate(xResource.getCreateTime());
+		vXResource.setUpdateDate(xResource.getUpdateTime());
+		List<XXTrxLog> trxLogList = xResourceService.getTransactionLog(
+				vXResource, xResource, "delete");
+
+		List<VXPermMap> newPermMapList = vXResource.getPermMapList();
+		List<VXPermMap> prevPermMapList = new ArrayList<VXPermMap>();
+		List<VXPermMap> permMapsToDelete = new ArrayList<VXPermMap>();
+		searchCriteria = new SearchCriteria();
+		searchCriteria.addParam("resourceId", vXResource.getId());
+		VXPermMapList prevPermMaps = xPermMapService.searchXPermMaps(searchCriteria);		
+		if (prevPermMaps != null) {
+			prevPermMapList = prevPermMaps.getVXPermMaps();
+		}		
+		// permission deletion processing start
+		String newKey=null;
+		String oldKey=null;
+		boolean isFound=false;
+		VXPermMap newObj=null;
+		VXPermMap oldObj=null;
+		if (newPermMapList != null && prevPermMapList!=null) {
+			for (int i=0;i<newPermMapList.size();i++) {
+				newObj=newPermMapList.get(i);				
+				if(newObj==null||newObj.getResourceId()==null||newObj.getPermFor()==0||newObj.getPermType()==0 || (newObj.getUserId()==null&&newObj.getGroupId()==null)){
+					continue;					
+				}
+				newKey=null;
+				if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+					newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getUserId()+"_"+newObj.getPermType();
+				}
+				if(newObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+					newKey=newObj.getResourceId()+"_"+newObj.getPermFor()+"_"+newObj.getGroupId()+"_"+newObj.getPermType();
+				}	
+				isFound=false;
+				oldObj=null;
+				for (int j=0;j<prevPermMapList.size();j++) {
+					oldObj=prevPermMapList.get(j);
+					if(oldObj==null||oldObj.getResourceId()==null||oldObj.getPermFor()==0||oldObj.getPermType()==0|| (oldObj.getUserId()==null&&oldObj.getGroupId()==null)){
+						continue;					
+					}
+					oldKey=null;
+					if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_USER){
+						oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getUserId()+"_"+oldObj.getPermType();
+					}
+					if(oldObj.getPermFor()==AppConstants.XA_PERM_FOR_GROUP){
+						oldKey=oldObj.getResourceId()+"_"+oldObj.getPermFor()+"_"+oldObj.getGroupId()+"_"+oldObj.getPermType();
+					}
+					if(stringUtil.isEmpty(newKey)|| stringUtil.isEmpty(oldKey)){
+						continue;
+					}
+					if(newKey.equals(oldKey)){
+						isFound=true;
+						prevPermMapList.remove(j);
+						break;
+					}
+				}//inner for
+				if(oldObj!=null){
+					if(isFound){					
+						permMapsToDelete.add(oldObj);
+					}
+				}
+			}//outer for			
+		}// delete permissions list populate end		
+
+		for (VXPermMap permMap : permMapsToDelete) {
+			if(permMap!=null){
+				xPermMapService.deleteResource(permMap.getId());
+				trxLogList.addAll(xPermMapService.getTransactionLog(permMap,"delete"));
+			}
+		}//permission deletion processing end
+		
+		if(permMapsToDelete.size()>0){
+			vXResource.setUpdateDate(DateUtil.getUTCDate());
+		}
+		//update addedby and updatedby for trx log
+		XXTrxLog xXTrxLog=null;
+		if(trxLogList!=null){
+			for (int i=0;i< trxLogList.size();i++) {
+				xXTrxLog=trxLogList.get(i);
+				if(xXTrxLog!=null){
+					if(xXTrxLog.getAddedByUserId()==null || xXTrxLog.getAddedByUserId()==0){
+						xXTrxLog.setAddedByUserId(xXPortalUser.getId());
+					}
+					if(xXTrxLog.getUpdatedByUserId()==null || xXTrxLog.getUpdatedByUserId()==0){
+						xXTrxLog.setUpdatedByUserId(xXPortalUser.getId());
+					}
+				}
+				trxLogList.set(i, xXTrxLog);				
+			}
+		}
+		
+		xaBizUtil.createTrxLog(trxLogList);		
+		vXResource.setPermMapList(prevPermMapList);		
+		
+		return vXResource;
+	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index dc5780d..d86ac27 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -586,10 +586,18 @@ public class XABizUtil {
 	 * @param permission
 	 * @return
 	 */
-	private boolean matchHbasePolicy(String resourceName,
+	public boolean matchHbasePolicy(String resourceName,
 			List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
 			int permission) {
-
+		if(stringUtil.isEmpty(resourceName)){
+			return false;
+		}
+		if(xResourceList==null){
+			return false;
+		}
+		if(xUserId==null){
+			return false;
+		}		
 		String[] splittedResources = stringUtil.split(resourceName,
 				File.separator);
 		int numberOfResources = splittedResources.length;
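Review bot: The new guards cover `resourceName`, `xResourceList` and `xUserId` but not `vXResponse`, and the new caller in `AssetMgr.revokeXResource` (same commit) passes `null` for that argument. The rest of `matchHbasePolicy` lies outside this hunk, so I cannot tell whether it writes to `vXResponse`. If it does, the admin check on the HBase revoke path ends in a NullPointerException instead of a clean allow/deny answer. Either wrap each use in `if(vXResponse!=null){ ... }` or state in the Javadoc that `vXResponse` may be null and is then ignored.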
@@ -670,7 +678,7 @@ public class XABizUtil {
 		return policyMatched;
 	}
 
-	private boolean matchHivePolicy(String resourceName,
+	public boolean matchHivePolicy(String resourceName,
 			List<XXResource> xResourceList, Long xUserId, int permission) {
 		return matchHivePolicy(resourceName, xResourceList, xUserId,
 				permission, 0, 0, true);
@@ -688,10 +696,18 @@ public class XABizUtil {
 	 * @param isUdfPolicy
 	 * @return
 	 */
-	private boolean matchHivePolicy(String resourceName,
+	public boolean matchHivePolicy(String resourceName,
 			List<XXResource> xResourceList, Long xUserId, int permission,
 			int reqTableType, int reqColumnType, boolean isUdfPolicy) {
-
+		if(stringUtil.isEmpty(resourceName)){
+			return false;
+		}
+		if(xResourceList==null){
+			return false;
+		}
+		if(xUserId==null){
+			return false;
+		}
 		String[] splittedResources = stringUtil.split(resourceName,
 				File.separator);// get list of resources
 		int numberOfResources = splittedResources.length;
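Review bot: The Javadoc above this now-public method is left as it was: the visible `@param isUdfPolicy` and `@return` tags carry no description. The early returns added here define what callers get back when an authorization question is asked with incomplete input. I would fill in the return tag, for example `@return true when a policy in xResourceList gives xUserId the requested permission; false when resourceName is empty or xResourceList or xUserId is null`. The same applies to `matchHbasePolicy` in the first hunk of this file. The method body continues outside the hunk.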

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
index 840c99a..5d21f93 100644
--- a/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
+++ b/security-admin/src/main/java/com/xasecure/rest/AssetREST.java
@@ -37,11 +37,13 @@ import com.xasecure.common.XACommonEnums;
 import com.xasecure.common.XASearchUtil;
 import com.xasecure.common.annotation.XAAnnotationClassName;
 import com.xasecure.common.annotation.XAAnnotationJSMgrName;
+import com.xasecure.service.AbstractBaseResourceService;
 import com.xasecure.service.XAccessAuditService;
 import com.xasecure.service.XAgentService;
 import com.xasecure.service.XAssetService;
 import com.xasecure.service.XCredentialStoreService;
 import com.xasecure.service.XPolicyExportAuditService;
+import com.xasecure.service.XPolicyService;
 import com.xasecure.service.XResourceService;
 import com.xasecure.service.XTrxLogService;
 import com.xasecure.view.VXAccessAuditList;
@@ -50,6 +52,7 @@ import com.xasecure.view.VXAssetList;
 import com.xasecure.view.VXCredentialStore;
 import com.xasecure.view.VXCredentialStoreList;
 import com.xasecure.view.VXLong;
+import com.xasecure.view.VXPermMap;
 import com.xasecure.view.VXPolicy;
 import com.xasecure.view.VXPolicyExportAuditList;
 import com.xasecure.view.VXResource;
@@ -78,6 +81,9 @@ public class AssetREST {
 
 	@Autowired
 	XResourceService xResourceService;
+	
+	@Autowired
+	XPolicyService xPolicyService;
 
 	@Autowired
 	XCredentialStoreService xCredentialStoreService;
@@ -555,8 +561,27 @@ public class AssetREST {
 	@Path("/resources/grant")
 	@Produces({ "application/xml", "application/json" })	
 	public VXPolicy grantPermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
-		//TODO:https and certificate check
-		//TODO:grant permissions
+		boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
+		X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+		String ipAddress = request.getHeader("X-FORWARDED-FOR");  
+		if (ipAddress == null) {  
+			ipAddress = request.getRemoteAddr();
+		}
+		boolean isSecure = request.isSecure();
+		String repository=null;
+		if(vXPolicy!=null){
+			repository=vXPolicy.getRepositoryName();
+			vXPolicy.setOwner(vXPolicy.getGrantor());	
+			vXPolicy.setUpdatedBy(vXPolicy.getGrantor());
+		}
+		boolean isValidAuthentication=assetMgr.isValidHttpsAuthentication(repository,certchain,httpEnabled,ipAddress,isSecure);
+		if(isValidAuthentication){			
+			VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
+			vXResource=assetMgr.grantXResource(vXResource);
+			vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
+			vXPolicy=xPolicyService.mapXAToPublicObject(vXResource);	
+			vXPolicy.syncResponseWithJsonRequest();			
+		}
 		return vXPolicy;
 	}
 	
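Review bot: `ipAddress` is read from the `X-FORWARDED-FOR` request header first and only falls back to `request.getRemoteAddr()`, and that value is then handed to `assetMgr.isValidHttpsAuthentication(...)`. The header is whatever the client sent unless a reverse proxy under your control overwrites it, and it can hold a comma-separated list. Any address comparison inside the authentication check (its body is not in this hunk) would therefore work from unauthenticated input. I would use `String ipAddress = request.getRemoteAddr();` and consult the header only when the direct peer is a configured trusted proxy. The same lines appear in `revokePermission` in the next hunk.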
@@ -564,8 +589,27 @@ public class AssetREST {
 	@Path("/resources/revoke")
 	@Produces({ "application/xml", "application/json" })	
 	public VXPolicy revokePermission(@Context HttpServletRequest request,VXPolicy vXPolicy) {
-		//TODO:https and certificate check
-		//TODO:revoke permissions
+		boolean httpEnabled = PropertiesUtil.getBooleanProperty("http.enabled",true);
+		X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");
+		String ipAddress = request.getHeader("X-FORWARDED-FOR");  
+		if (ipAddress == null) {  
+			ipAddress = request.getRemoteAddr();
+		}
+		boolean isSecure = request.isSecure();
+		String repository=null;
+		if(vXPolicy!=null){
+			repository=vXPolicy.getRepositoryName();
+			vXPolicy.setOwner(vXPolicy.getGrantor());	
+			vXPolicy.setUpdatedBy(vXPolicy.getGrantor());
+		}
+		boolean isValidAuthentication=assetMgr.isValidHttpsAuthentication(repository,certchain,httpEnabled,ipAddress,isSecure);
+		if(isValidAuthentication){		
+			VXResource vXResource = xPolicyService.mapPublicToXAObject(vXPolicy,AbstractBaseResourceService.OPERATION_CREATE_CONTEXT);
+			vXResource=assetMgr.revokeXResource(vXResource);
+			vXResource.setPermMapList(xPolicyService.updatePermGroup(vXResource));
+			vXPolicy=xPolicyService.mapXAToPublicObject(vXResource);			
+			vXPolicy.syncResponseWithJsonRequest();		
+		}
 		return vXPolicy;
 	}
 }
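Review bot: The acting user is taken from the request body: `vXPolicy.setOwner(vXPolicy.getGrantor())` copies the caller-supplied grantor into the owner field. `revokeXResource` in AssetMgr.java (same commit) then looks up `vXResource.getOwner()` and runs its `ROLE_SYS_ADMIN` / admin-permission check against that name. `isValidHttpsAuthentication` is thus the only control deciding who may speak for a named grantor, and that deserves a comment at this point, e.g. `// grantor is asserted by the calling agent; it is trusted only because isValidHttpsAuthentication accepted the agent's certificate`. When that check returns false the method hands the request object back unchanged, so unless the check itself throws (not visible here) the caller cannot tell a rejected revoke from a completed one; an explicit error on that branch would be safer. `grantPermission` in the previous hunk is written the same way.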

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/service/XAuditMapService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XAuditMapService.java b/security-admin/src/main/java/com/xasecure/service/XAuditMapService.java
index be43105..d5dd59a 100644
--- a/security-admin/src/main/java/com/xasecure/service/XAuditMapService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XAuditMapService.java
@@ -121,4 +121,49 @@ public class XAuditMapService extends
 		return trxLogList;
 	}
 
+	@Override
+	protected XXAuditMap mapViewToEntityBean(VXAuditMap vObj, XXAuditMap mObj, int OPERATION_CONTEXT) {
+		super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
+		if(vObj!=null && mObj!=null){
+			XXPortalUser xXPortalUser=null;
+			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getOwner())){
+					xXPortalUser=xADaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());	
+					if(xXPortalUser!=null){
+						mObj.setAddedByUserId(xXPortalUser.getId());
+					}
+				}
+			}
+			if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getUpdatedBy())){
+					xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy());			
+					if(xXPortalUser!=null){
+						mObj.setUpdatedByUserId(xXPortalUser.getId());
+					}		
+				}
+			}
+		}
+		return mObj;
+	}
+
+	@Override
+	protected VXAuditMap mapEntityToViewBean(VXAuditMap vObj, XXAuditMap mObj) {
+		super.mapEntityToViewBean(vObj, mObj);
+		if(mObj!=null && vObj!=null){
+			XXPortalUser xXPortalUser=null;
+			if(stringUtil.isEmpty(vObj.getOwner())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getAddedByUserId());	
+				if(xXPortalUser!=null){
+					vObj.setOwner(xXPortalUser.getLoginId());
+				}
+			}
+			if(stringUtil.isEmpty(vObj.getUpdatedBy())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId());		
+				if(xXPortalUser!=null){
+					vObj.setUpdatedBy(xXPortalUser.getLoginId());
+				}
+			}
+		}
+		return vObj;
+	}
 }
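Review bot: In `mapEntityToViewBean`, `getById(mObj.getAddedByUserId())` and `getById(mObj.getUpdatedByUserId())` are called without looking at the id, although `mapViewToEntityBean` just above treats `null` and `0` as "not set". What the DAO does with a null id is not visible here. Guarding the lookup removes that dependency, for example `if(stringUtil.isEmpty(vObj.getOwner()) && mObj.getAddedByUserId()!=null){`, and likewise for the updated-by branch. The identical block is added to XPermMapService, XResourceService and XTrxLogService in this commit.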

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/service/XPermMapService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XPermMapService.java b/security-admin/src/main/java/com/xasecure/service/XPermMapService.java
index 143e51b..c20cfa8 100644
--- a/security-admin/src/main/java/com/xasecure/service/XPermMapService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XPermMapService.java
@@ -234,4 +234,50 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> {
 		
 		return trxLogList;
 	}
+	
+	@Override
+	protected XXPermMap mapViewToEntityBean(VXPermMap vObj, XXPermMap mObj, int OPERATION_CONTEXT) {
+		super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
+		if(vObj!=null && mObj!=null){
+			XXPortalUser xXPortalUser=null;
+			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getOwner())){
+					xXPortalUser=xADaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());	
+					if(xXPortalUser!=null){
+						mObj.setAddedByUserId(xXPortalUser.getId());
+					}
+				}
+			}
+			if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getUpdatedBy())){
+					xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy());			
+					if(xXPortalUser!=null){
+						mObj.setUpdatedByUserId(xXPortalUser.getId());
+					}		
+				}
+			}
+		}
+		return mObj;
+	}
+
+	@Override
+	protected VXPermMap mapEntityToViewBean(VXPermMap vObj, XXPermMap mObj) {
+		super.mapEntityToViewBean(vObj, mObj);
+		if(mObj!=null && vObj!=null){
+			XXPortalUser xXPortalUser=null;
+			if(stringUtil.isEmpty(vObj.getOwner())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getAddedByUserId());	
+				if(xXPortalUser!=null){
+					vObj.setOwner(xXPortalUser.getLoginId());
+				}
+			}
+			if(stringUtil.isEmpty(vObj.getUpdatedBy())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId());		
+				if(xXPortalUser!=null){
+					vObj.setUpdatedBy(xXPortalUser.getLoginId());
+				}
+			}
+		}
+		return vObj;
+	}
 }
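Review bot: These two overrides match the pair added to XAuditMapService and XTrxLogService in this commit, differing only in the bean types, and XResourceService inlines the same logic. Because this code decides which user id is recorded as added-by and updated-by, four copies are easy to let drift apart. I would move the owner/updatedBy resolution into one helper and call it from each override. Whether the services share a base class that could hold it is not visible from these hunks.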

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
index f18869d..0b2cf2f 100644
--- a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
@@ -180,7 +180,7 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
 			vXResource.setPermMapList(permMapList);
 
 		} else if (operationContext == AbstractBaseResourceService.OPERATION_CREATE_CONTEXT) {
-
+		
 			if (vXPolicy.isAuditEnabled()) {
 				VXAuditMap vXAuditMap = new VXAuditMap();
 				vXAuditMap.setAuditType(AppConstants.XA_AUDIT_TYPE_ALL);
@@ -387,17 +387,14 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource, VXPolicy> {
 
 			for (VXPermMap permMap : permListForGrp) {
 				if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
-					userList.add(permMap.getUserName());
-				} else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
-					groupList.add(permMap.getGroupName());
 					if (!userList.contains(permMap.getUserName())) {
 						userList.add(permMap.getUserName());
 					}
 				} else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
 					if (!groupList.contains(permMap.getGroupName())) {
 						groupList.add(permMap.getGroupName());
-					}
-				}
+					}					
+				} 
 				String perm = AppConstants.getLabelFor_XAPermType(permMap
 						.getPermType());
 				if (!permList.contains(perm)) {

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/service/XResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XResourceService.java b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
index 94395e3..babe37d 100644
--- a/security-admin/src/main/java/com/xasecure/service/XResourceService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
@@ -385,6 +385,26 @@ public class XResourceService extends
 	protected XXResource mapViewToEntityBean(VXResource vObj, XXResource mObj, int OPERATION_CONTEXT) {
 		super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
 		mObj.setUdfs(vObj.getUdfs());
+		if(vObj!=null && mObj!=null){
+			XXPortalUser xXPortalUser= null;
+			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getOwner())){
+					xXPortalUser=xADaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());	
+					if(xXPortalUser!=null){
+						mObj.setAddedByUserId(xXPortalUser.getId());
+					}
+				}
+			}
+			if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getUpdatedBy())){
+					xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy());			
+					if(xXPortalUser!=null){
+						mObj.setUpdatedByUserId(xXPortalUser.getId());
+					}		
+				}
+			}
+			
+		}
 		return mObj;
 	}
 
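Review bot: The added `if(vObj!=null && mObj!=null)` cannot protect anything, because the context line `mObj.setUdfs(vObj.getUdfs());` directly above it has already dereferenced both objects. Either drop the check or move `setUdfs` inside it so the method has one consistent null policy. The next hunk has the same pattern in `mapEntityToViewBean`, where `vObj.setUdfs(mObj.getUdfs())` and `populateAssetProperties(vObj)` run before the new guard.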
@@ -393,6 +413,21 @@ public class XResourceService extends
 		super.mapEntityToViewBean(vObj, mObj);
 		vObj.setUdfs(mObj.getUdfs());
 		populateAssetProperties(vObj);
+		if(mObj!=null && vObj!=null){			
+			XXPortalUser xXPortalUser= null;
+			if(stringUtil.isEmpty(vObj.getOwner())){
+				xXPortalUser=xADaoManager.getXXPortalUser().getById(mObj.getAddedByUserId());		
+				if(xXPortalUser!=null){
+					vObj.setOwner(xXPortalUser.getLoginId());
+				}
+			}
+			if(stringUtil.isEmpty(vObj.getUpdatedBy())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId());		
+				if(xXPortalUser!=null){
+					vObj.setUpdatedBy(xXPortalUser.getLoginId());
+				}	
+			}
+		}
 		return vObj;
 	}
 
@@ -1022,4 +1057,14 @@ public class XResourceService extends
 		populateAuditList(vXResource);
 		return vXResource;
 	}
+	
+	public VXResourceList searchXResourcesWithoutLogin(SearchCriteria searchCriteria) {	
+		VXResourceList returnList = super.searchXResources(searchCriteria);		
+		if(returnList!=null && returnList.getResultSize()>0){
+			for (VXResource vXResource : returnList.getVXResources()) {
+				populateAuditList(vXResource);
+			}
+		}
+		return returnList;
+	}
 }
\ No newline at end of file
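Review bot: `searchXResourcesWithoutLogin` is public and carries no comment saying when it is acceptable to bypass the login-aware search. Judging by the name and the direct call to `super.searchXResources`, it skips whatever per-user filtering the regular search applies (that method is not in this hunk), and it fills in audit lists as well. I would add a Javadoc such as `/** Internal lookup for the grant/revoke path, where the caller has been authenticated by other means; applies no session-based filtering, so do not call it with criteria taken from an end-user request. */`.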

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/service/XTrxLogService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XTrxLogService.java b/security-admin/src/main/java/com/xasecure/service/XTrxLogService.java
index caf2bf4..993a034 100644
--- a/security-admin/src/main/java/com/xasecure/service/XTrxLogService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XTrxLogService.java
@@ -393,4 +393,50 @@ public class XTrxLogService extends XTrxLogServiceBase<XXTrxLog, VXTrxLog> {
 		vXTrxLog.setTransactionId(vXXTrxLog.getTransactionId());
 		return vXTrxLog;
 	}
+	
+	@Override
+	protected XXTrxLog mapViewToEntityBean(VXTrxLog vObj, XXTrxLog mObj, int OPERATION_CONTEXT) {
+		super.mapViewToEntityBean(vObj, mObj, OPERATION_CONTEXT);
+		if(vObj!=null && mObj!=null){
+			XXPortalUser xXPortalUser=null;
+			if(mObj.getAddedByUserId()==null || mObj.getAddedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getOwner())){
+					xXPortalUser=xADaoManager.getXXPortalUser().findByLoginId(vObj.getOwner());	
+					if(xXPortalUser!=null){
+						mObj.setAddedByUserId(xXPortalUser.getId());
+					}
+				}
+			}
+			if(mObj.getUpdatedByUserId()==null || mObj.getUpdatedByUserId()==0){
+				if(!stringUtil.isEmpty(vObj.getUpdatedBy())){
+					xXPortalUser= xADaoManager.getXXPortalUser().findByLoginId(vObj.getUpdatedBy());			
+					if(xXPortalUser!=null){
+						mObj.setUpdatedByUserId(xXPortalUser.getId());
+					}		
+				}
+			}
+		}
+		return mObj;
+	}
+
+	@Override
+	protected VXTrxLog mapEntityToViewBean(VXTrxLog vObj, XXTrxLog mObj) {
+		super.mapEntityToViewBean(vObj, mObj);
+		if(mObj!=null && vObj!=null){
+			XXPortalUser xXPortalUser=null;
+			if(stringUtil.isEmpty(vObj.getOwner())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getAddedByUserId());	
+				if(xXPortalUser!=null){
+					vObj.setOwner(xXPortalUser.getLoginId());
+				}
+			}
+			if(stringUtil.isEmpty(vObj.getUpdatedBy())){
+				xXPortalUser= xADaoManager.getXXPortalUser().getById(mObj.getUpdatedByUserId());		
+				if(xXPortalUser!=null){
+					vObj.setUpdatedBy(xXPortalUser.getLoginId());
+				}
+			}
+		}
+		return vObj;
+	}
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/42748388/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/view/VXPolicy.java b/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
index 70f46a0..6c10918 100644
--- a/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
+++ b/security-admin/src/main/java/com/xasecure/view/VXPolicy.java
@@ -543,4 +543,17 @@ public class VXPolicy extends VXDataObject implements java.io.Serializable {
 		str += "}";
 		return str;
 	}
+	
+	//function should be used from grant/revoke rest call only
+	public void syncResponseWithJsonRequest() {
+		this.setGrantor(this.getOwner());
+		this.setOwner(null);		
+		this.setId(null);		
+		this.setUpdatedBy(null);
+		this.setPolicyName(null);
+		this.setResourceName(null);		
+		this.setRepositoryType(null);		
+		this.setVersion(null);
+		this.setRecursive(new Boolean(null));
+	}	
 }
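Review bot: `this.setRecursive(new Boolean(null));` does not clear the field the way the other setters in this method do. The `null` literal selects the `Boolean(String)` constructor, which yields `false`, so every grant/revoke response built through this method carries recursive = false. If the intent is to blank the field, write `this.setRecursive(null);` (assuming the setter takes a `Boolean`, which is not visible here). If false is intended, `this.setRecursive(Boolean.FALSE);` says so without the misleading `null`.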

