ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [1/3] git commit: ARGUS-40: User denied table access after access is granted via GRANT
Date Fri, 12 Sep 2014 02:13:42 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 043d3da12 -> 02a35cc61


ARGUS-40: User denied table access after access is granted via GRANT

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/b7c6e9ef
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/b7c6e9ef
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/b7c6e9ef

Branch: refs/heads/master
Commit: b7c6e9efebc47242df84fda8dd98b2df3226e95f
Parents: 1490df2
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Thu Sep 11 14:36:31 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Thu Sep 11 14:36:31 2014 -0700

----------------------------------------------------------------------
 .../admin/client/datatype/GrantRevokeData.java  |  14 +-
 .../main/java/com/xasecure/biz/XABizUtil.java   | 533 ++++---------------
 .../java/com/xasecure/common/StringUtil.java    |   5 +
 .../com/xasecure/service/XPolicyService.java    |  10 +-
 4 files changed, 120 insertions(+), 442 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
index 0431f97..451e785 100644
--- a/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
+++ b/agents-common/src/main/java/com/xasecure/admin/client/datatype/GrantRevokeData.java
@@ -33,6 +33,8 @@ public class GrantRevokeData implements java.io.Serializable {
 	private boolean       isAuditEnabled;
 	private boolean       replacePerm;
 	private List<PermMap> permMapList = new ArrayList<PermMap>();
+	
+	private static String WILDCARD_ASTERISK = "*";
 
 
 	public GrantRevokeData() {
@@ -112,9 +114,9 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.grantor         = grantor;
 		this.repositoryName = repositoryName;
 		this.repositoryType = "hive";
-		this.databases      = databases;
-		this.tables         = tables;
-		this.columns        = columns;
+		this.databases      = StringUtil.isEmpty(databases) ? WILDCARD_ASTERISK : databases;
+		this.tables         = StringUtil.isEmpty(tables)    ? WILDCARD_ASTERISK : tables;
+		this.columns        = StringUtil.isEmpty(columns)   ? WILDCARD_ASTERISK : columns;
 		this.isAuditEnabled = true;
 		this.isEnabled      = true;
 		this.replacePerm    = false;
@@ -130,9 +132,9 @@ public class GrantRevokeData implements java.io.Serializable {
 		this.grantor         = grantor;
 		this.repositoryName = repositoryName;
 		this.repositoryType = "hbase";
-		this.tables         = tables;
-		this.columns        = columns;
-		this.columnFamilies = columnFamilies;
+		this.tables         = StringUtil.isEmpty(tables)         ? WILDCARD_ASTERISK : tables;
+		this.columns        = StringUtil.isEmpty(columns)        ? WILDCARD_ASTERISK : columns;
+		this.columnFamilies = StringUtil.isEmpty(columnFamilies) ? WILDCARD_ASTERISK : columnFamilies;
 		this.isAuditEnabled = true;
 		this.isEnabled      = true;
 		this.replacePerm    = true;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index 3c6ef1f..91e1301 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -603,23 +603,20 @@ public class XABizUtil {
 	public boolean matchHbasePolicy(String resourceName,
 			List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
 			int permission) {
-		if(stringUtil.isEmpty(resourceName)){
+		if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){
 			return false;
 		}
-		if(xResourceList==null){
-			return false;
-		}
-		if(xUserId==null){
-			return false;
-		}		
-		String[] splittedResources = stringUtil.split(resourceName,
-				File.separator);
-		int numberOfResources = splittedResources.length;
-		if (numberOfResources < 1 || numberOfResources > 3) {
-			logger.debug("Invalid policy name : " + resourceName);
+
+		String[] splittedResources = stringUtil.split(resourceName, File.separator);
+		if (splittedResources.length < 1 || splittedResources.length > 3) {
+			logger.debug("Invalid resourceName name : " + resourceName);
 			return false;
 		}
 
+		String tblName    = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
+		String colFamName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
+		String colName    = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
+
 		boolean policyMatched = false;
 		// check all resources whether Hbase policy is enabled in any resource
 		// of provided resource list
@@ -628,75 +625,36 @@ public class XABizUtil {
 				continue;
 			}
 			Long resourceId = xResource.getId();
-			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
-					resourceId);
+			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
 			// if permission is enabled then load Tables,column family and
 			// columns list from resource
-			if (hasPermission) {
-				String[] xTables = (xResource.getTables() == null || xResource
-						.getTables().equalsIgnoreCase("")) ? null : stringUtil
-						.split(xResource.getTables(), ",");
-				String[] xColumnFamilies = (xResource.getColumnFamilies() == null || xResource
-						.getColumnFamilies().equalsIgnoreCase("")) ? null
-						: stringUtil.split(xResource.getColumnFamilies(), ",");
-				String[] xColumns = (xResource.getColumns() == null || xResource
-						.getColumns().equalsIgnoreCase("")) ? null : stringUtil
-						.split(xResource.getColumns(), ",");
+			if (! hasPermission) {
+				continue;
+			}
 
-				boolean matchFound = false;
+			// 1. does the policy match the table?
+			String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(),
",");
 
-				for (int index = 0; index < numberOfResources; index++) {
-					matchFound = false;
-					// check whether given table resource matches with any
-					// existing table resource
-					if (index == 0) {
-						if(xTables!=null){
-						for (String xTable : xTables) {
-							if (matchPath(splittedResources[index], xTable)) {
-								matchFound = true;
-								continue;
-							}
-						}
-						}
-						if(!matchFound) {
-							break;
-						}
-					} // check whether given column family resource matches with
-						// any existing column family resource
-					else if (index == 1) {
-						if(xColumnFamilies!=null){
-						for (String xColumnFamily : xColumnFamilies) {
-							if (matchPath(splittedResources[index],
-									xColumnFamily)) {
-								matchFound = true;
-								continue;
-							}
-						}
-						}
-						if(!matchFound) {
-							break;
-						}
-					}// check whether given column resource matches with any
-						// existing column resource
-					else if (index == 2) {
-						if(xColumns!=null){
-						for (String xColumn : xColumns) {
-							if (matchPath(splittedResources[index], xColumn)) {
-								matchFound = true;
-								continue;
-							}
-						}
-						}
-						if(!matchFound) {
-							break;
-						}
-					}
-				}
-				if (matchFound) {
-					policyMatched = true;
-					break;
+			boolean matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName,
xTables);
+
+			if(matchFound) {
+				// 2. does the policy match the column?
+				String[] xColumnFamilies = stringUtil.isEmpty(xResource.getColumnFamilies()) ? null :
stringUtil.split(xResource.getColumnFamilies(), ",");
+
+				matchFound = (xColumnFamilies == null || xColumnFamilies.length == 0) ? true : matchPath(colFamName,
xColumnFamilies);
+				
+				if(matchFound) {
+					// 3. does the policy match the columnFamily?
+					String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(),
",");
+
+					matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName,
xColumns);
 				}
 			}
+
+			if (matchFound) {
+				policyMatched = true;
+				break;
+			}
 		}
 		return policyMatched;
 	}
@@ -722,387 +680,84 @@ public class XABizUtil {
 	public boolean matchHivePolicy(String resourceName,
 			List<XXResource> xResourceList, Long xUserId, int permission,
 			int reqTableType, int reqColumnType, boolean isUdfPolicy) {
-		if(stringUtil.isEmpty(resourceName)){
-			return false;
-		}
-		if(xResourceList==null){
-			return false;
-		}
-		if(xUserId==null){
+
+		if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){
 			return false;
 		}
-		String[] splittedResources = stringUtil.split(resourceName,
-				File.separator);// get list of resources
-		int numberOfResources = splittedResources.length;
-		if (numberOfResources < 1 || numberOfResources > 3) {
-			logger.debug("Invalid policy name : " + resourceName);
+
+		String[] splittedResources = stringUtil.split(resourceName, File.separator);// get list
of resources
+		if (splittedResources.length < 1 || splittedResources.length > 3) {
+			logger.debug("Invalid resource name : " + resourceName);
 			return false;
 		}
+		
+		String dbName  = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
+		String tblName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
+		String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
 
 		boolean policyMatched = false;
 		for (XXResource xResource : xResourceList) {
 			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
 				continue;
 			}
+
 			Long resourceId = xResource.getId();
-			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
-					resourceId);
+			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
 
-			if (hasPermission) {
-				// get database list from resource list
-				String[] xDatabases = stringUtil.split(
-						xResource.getDatabases(), ",");
-				// get table list from resource list
-				String[] xTables = (xResource.getTables() == null || xResource
-						.getTables().equalsIgnoreCase("")) ? null : stringUtil
-						.split(xResource.getTables(), ",");
-				// get UDF list from resource list
-				String[] xUdfs = (xResource.getUdfs() == null || xResource
-						.getUdfs().equalsIgnoreCase("")) ? null : stringUtil
-						.split(xResource.getUdfs(), ",");
-				// get column list from resource list
-				String[] xColumns = (xResource.getColumns() == null || xResource
-						.getColumns().equalsIgnoreCase("")) ? null : stringUtil
-						.split(xResource.getColumns(), ",");
+			if (! hasPermission) {
+				continue;
+			}
 
-				boolean matchFound = false;
-				// check whether given database resource available in database
-				// list
-				for (String xDatabase : xDatabases) {
-					if (matchPath(splittedResources[0], xDatabase)) {
-						matchFound = true;
-					}
-				}
-				if (!matchFound) {
+			// 1. does the policy match the database?
+			String[] xDatabases = stringUtil.isEmpty(xResource.getDatabases()) ? null : stringUtil.split(xResource.getDatabases(),
",");
+
+			boolean matchFound = (xDatabases == null || xDatabases.length == 0) ? true : matchPath(dbName,
xDatabases);
+
+			if (! matchFound) {
+				continue;
+			}
+
+			if (isUdfPolicy) {
+				// 2. does the policy match the UDF?
+				String[] xUdfs = stringUtil.isEmpty(xResource.getUdfs()) ? null : stringUtil.split(xResource.getUdfs(),
",");
+				
+				if(! matchPath(tblName, xUdfs)) {
 					continue;
+				} else {
+					policyMatched = true;
+					break;
 				}
-				// check whether given UDF resource available in UDF list
-				if (isUdfPolicy) {
-					if (xUdfs != null) {
-						for (String xUdf : xUdfs) {
-							if (matchPath(splittedResources[1], xUdf)) {
-								policyMatched = true;
-								break;
-							}
-						}
-					} else {
-						continue;
-					}
+			} else {
+				// 2. does the policy match the table?
+				String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(),
",");
+				
+				System.out.println("tblName=" + tblName + "; xTables=" + xTables);
+
+				matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables);
+
+				if(xResource.getTableType() == AppConstants.POLICY_EXCLUSION) {
+					matchFound = !matchFound;
 				}
 
-				int dbTableType = xResource.getTableType();
-				int dbColumnType = xResource.getColumnType();
-				// true if database table type and column type is include
-				boolean isXResourceInc = XABizUtil.areAllEqual(
-						AppConstants.POLICY_INCLUSION, dbTableType,
-						dbColumnType);
-				// true if requested table type and requested column type is
-				// include
-				boolean isReqResourceInc = XABizUtil.areAllEqual(
-						AppConstants.POLICY_INCLUSION, reqTableType,
-						reqColumnType);
-
-				if (numberOfResources < 2) {
+				if (!matchFound) {
 					continue;
 				}
 
-				if (isReqResourceInc) {
-					if (isXResourceInc) { // True and True
-						matchFound = false;
-						if(xTables!=null){
-							for (String xTable : xTables) {
-								if (matchPath(splittedResources[1], xTable)) {
-									matchFound = true;
-								}
-							}
-						}
-						if (!matchFound) {
-							continue;
-						}
+				// 3. does current policy match the column?
+				String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(),
",");
 
-						if (xColumns == null) {
-							policyMatched = true;
-							break;
-						} else {
-							if (numberOfResources < 3) {
-								continue;
-							}
-						}
+				matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns);
 
-						matchFound = false;
-						for (String xColumn : xColumns) {
-							if (matchPath(splittedResources[2], xColumn)) {
-								policyMatched = true;
-								break;
-							}
-						}
-						if (!matchFound) {
-							continue;
-						}
-					} else { // only condition 2 is true
-
-						if (dbTableType == AppConstants.POLICY_EXCLUSION) {
-							for (String xTable : xTables) {
-								if (matchPath(splittedResources[1], xTable)) {
-									continue;
-								}
-							}
-						} else {
-							matchFound = false;
-							for (String xTable : xTables) {
-								if (matchPath(splittedResources[1], xTable)) {
-									matchFound = true;
-								}
-							}
-							if (!matchFound) {
-								continue;
-							}
-						}
-
-						if (xColumns == null) {
-							return true;
-						} else {
-							if (numberOfResources < 3) {
-								return false;
-							}
-						}
+				if(xResource.getColumnType() == AppConstants.POLICY_EXCLUSION) {
+					matchFound = !matchFound;
+				}
 
-						if (dbColumnType == AppConstants.POLICY_EXCLUSION) {
-							for (String xColumn : xColumns) {
-								if (matchPath(splittedResources[2], xColumn)) {
-									continue;
-								}
-							}
-						} else {
-							matchFound = false;
-							for (String xColumn : xColumns) {
-								if (matchPath(splittedResources[2], xColumn)) {
-									matchFound = true;
-								}
-							}
-							if (!matchFound) {
-								continue;
-							}
-						}
-					}
+				if (!matchFound) {
+					continue;
 				} else {
-					// Only admin is allowed to create exclude policies.
-					boolean isAdmin = ContextUtil.getCurrentUserSession()
-							.isUserAdmin();
-					return isAdmin;
+					policyMatched = true;
+					break;
 				}
-
-				// if (isXResourceInc && isReqResourceInc) { // True and True
-				// matchFound = false;
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				//
-				// if (xColumns == null) {
-				// policyMatched = true;
-				// break;
-				// } else {
-				// if (numberOfResources < 3) {
-				// continue;
-				// }
-				// }
-				//
-				// matchFound = false;
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// policyMatched = true;
-				// break;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				// } else if (isXResourceInc) { // only condition 1 is true
-				//
-				// if (reqTableType == AppConstants.POLICY_EXCLUSION) {
-				// matchFound = false;
-				// for (String xTable : xTables) {
-				// if (xTable.equals("*")) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				//
-				// } else {
-				// matchFound = false;
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				// }
-				//
-				// if (xColumns == null) {
-				// policyMatched = true;
-				// break;
-				// } else {
-				// if (numberOfResources < 3) {
-				// continue;
-				// }
-				// }
-				//
-				// if (reqColumnType == AppConstants.POLICY_EXCLUSION) {
-				// matchFound = false;
-				// for (String xColumn : xColumns) {
-				// if (xColumn.equals("*")) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				//
-				// } else {
-				// matchFound = false;
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				// }
-				//
-				// } else if (isReqResourceInc) { // only condition 2 is true
-				//
-				// if (dbTableType == AppConstants.POLICY_EXCLUSION) {
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// continue;
-				// }
-				// }
-				// } else {
-				// matchFound = false;
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				// }
-				//
-				// if (xColumns == null) {
-				// return true;
-				// } else {
-				// if (numberOfResources < 3) {
-				// return false;
-				// }
-				// }
-				//
-				// if (dbColumnType == AppConstants.POLICY_EXCLUSION) {
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// continue;
-				// }
-				// }
-				// } else {
-				// matchFound = false;
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// continue;
-				// }
-				// }
-
-				// } else { //else cases
-				// if (dbTableType == AppConstants.POLICY_EXCLUSION) {
-				// if (reqTableType == AppConstants.POLICY_EXCLUSION) {
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// continue;
-				// }
-				// }
-				// } else {
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// continue;
-				// }
-				// }
-				// }
-				// } else {
-				// if (reqTableType == AppConstants.POLICY_EXCLUSION) {
-				// matchFound = false;
-				// for (String xTable : xTables) {
-				// if (xTable.equals("*")) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// return false;
-				// }
-				// } else {
-				// for (String xTable : xTables) {
-				// if (matchPath(splittedResources[1], xTable)) {
-				// continue;
-				// }
-				// }
-				// }
-				// }
-				//
-				// if (xColumns == null) {
-				// return true;
-				// } else {
-				// if (numberOfResources < 3) {
-				// return false;
-				// }
-				// }
-				//
-				// if (dbColumnType == AppConstants.POLICY_EXCLUSION) {
-				// if (reqColumnType == AppConstants.POLICY_EXCLUSION) {
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// continue;
-				// }
-				// }
-				// } else {
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// continue;
-				// }
-				// }
-				// }
-				// } else {
-				// if (reqColumnType == AppConstants.POLICY_EXCLUSION) {
-				// matchFound = false;
-				// for (String xColumn : xColumns) {
-				// if (xColumn.equals("*")) {
-				// matchFound = true;
-				// }
-				// }
-				// if (!matchFound) {
-				// return false;
-				// }
-				// } else {
-				// for (String xColumn : xColumns) {
-				// if (matchPath(splittedResources[2], xColumn)) {
-				// continue;
-				// }
-				// }
-				// }
-				// }
-				//
-				// }
 			}
 		}
 		return policyMatched;
@@ -1514,6 +1169,10 @@ public class XABizUtil {
 	 */
 	private boolean matchPath(String pathToCheckFragment,
 			String wildCardPathFragment) {
+		if(pathToCheckFragment == null || wildCardPathFragment == null) {
+			return false;
+		}
+
 		if (pathToCheckFragment.contains("*")
 				|| pathToCheckFragment.contains("?")) {
 			pathToCheckFragment = replaceMetaChars(pathToCheckFragment);
@@ -1536,6 +1195,18 @@ public class XABizUtil {
 			}
 		}
 	}
+	
+	private boolean matchPath(String pathToCheck, String[] wildCardPaths) {
+		if (pathToCheck != null && wildCardPaths != null) {
+			for (String wildCardPath : wildCardPaths) {
+				if (matchPath(pathToCheck, wildCardPath)) {
+					return true;
+				}
+			}
+		}
+		
+		return false;
+	}
 
 	/**
 	 * This method returns true if first parameter value is equal to others

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/security-admin/src/main/java/com/xasecure/common/StringUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/StringUtil.java b/security-admin/src/main/java/com/xasecure/common/StringUtil.java
index 1a66459..8dc3e14 100644
--- a/security-admin/src/main/java/com/xasecure/common/StringUtil.java
+++ b/security-admin/src/main/java/com/xasecure/common/StringUtil.java
@@ -22,6 +22,7 @@ public class StringUtil implements Serializable {
 
 	static final public String VALIDATION_ALPHA = "[a-z,A-Z]*";
 	static final public String VALIDATION_IP_ADDRESS = "[\\d\\.\\%\\:]*";
+	static final public String WILDCARD_ASTERISK = "*";
 
 	static HashMap<String, Pattern> compiledRegEx = new HashMap<String, Pattern>();
 
@@ -50,6 +51,10 @@ public class StringUtil implements Serializable {
 		return false;
 	}
 
+	public boolean isEmptyOrWildcardAsterisk(String str) {
+		return isEmpty(str) || str.equals(WILDCARD_ASTERISK);
+	}
+
 	public boolean equals(String str1, String str2) {
 		if (str1 == str2) {
 			return true;

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/b7c6e9ef/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
index 0122639..ac58ac7 100644
--- a/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XPolicyService.java
@@ -647,10 +647,10 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource,
VXPolicy> {
 		}
 		if (!stringUtil.isEmpty(vXPolicy.getDatabases())) {
 			resourceType = AppConstants.RESOURCE_DB;
-			if (!stringUtil.isEmpty(vXPolicy.getTables())) {
+			if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getTables())) {
 				resourceType = AppConstants.RESOURCE_TABLE;
 			}
-			if (!stringUtil.isEmpty(vXPolicy.getColumns())) {
+			if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumns())) {
 				resourceType = AppConstants.RESOURCE_COLUMN;
 			}
 			if (!stringUtil.isEmpty(vXPolicy.getUdfs())) {
@@ -658,15 +658,15 @@ public class XPolicyService extends PublicAPIServiceBase<VXResource,
VXPolicy> {
 			}
 		} else if (!stringUtil.isEmpty(vXPolicy.getTables())) {
 			resourceType = AppConstants.RESOURCE_TABLE;
-			if (!stringUtil.isEmpty(vXPolicy.getColumnFamilies())) {
+			if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumnFamilies())) {
 				resourceType = AppConstants.RESOURCE_COL_FAM;
 			}
-			if (!stringUtil.isEmpty(vXPolicy.getColumns())) {
+			if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getColumns())) {
 				resourceType = AppConstants.RESOURCE_COLUMN;
 			}
 		} else if (!stringUtil.isEmpty(vXPolicy.getTopologies())) {
 			resourceType = AppConstants.RESOURCE_TOPOLOGY;
-			if (!stringUtil.isEmpty(vXPolicy.getServices())) {
+			if (!stringUtil.isEmptyOrWildcardAsterisk(vXPolicy.getServices())) {
 				resourceType = AppConstants.RESOURCE_SERVICE_NAME;
 			}
 		}


Mime
View raw message