ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [11/12] incubator-ranger git commit: RANGER-194: Rename classes under web-admin project
Date Tue, 16 Dec 2014 02:44:41 GMT
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
new file mode 100644
index 0000000..b8659aa
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -0,0 +1,1311 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ package org.apache.ranger.biz;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Random;
+import java.util.Set;
+
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.io.IOCase;
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.common.StringUtil;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXAsset;
+import org.apache.ranger.entity.XXDBBase;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXPermMap;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXResource;
+import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.service.AbstractBaseResourceService;
+import org.apache.ranger.view.VXDataObject;
+import org.apache.ranger.view.VXPortalUser;
+import org.apache.ranger.view.VXResource;
+import org.apache.ranger.view.VXResponse;
+import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXStringList;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RangerBizUtil {
+	static final Logger logger = Logger.getLogger(RangerBizUtil.class);
+
+	@Autowired
+	RESTErrorUtil restErrorUtil;
+
+	@Autowired
+	RangerDaoManager daoManager;
+
+	@Autowired
+	StringUtil stringUtil;
+
+	@Autowired
+	UserMgr userMgr;
+
+	Set<Class<?>> groupEditableClasses;
+	private Class<?>[] groupEditableClassesList = {};
+
+	Map<String, Integer> classTypeMappings = new HashMap<String, Integer>();
+	private int maxFirstNameLength;
+	int maxDisplayNameLength = 150;
+	boolean defaultAutoApprove = true;
+	boolean showBlockedContent = true;
+	public final String EMPTY_CONTENT_DISPLAY_NAME = "...";
+	boolean enableResourceAccessControl;
+	private Random random;
+	private static final String PATH_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst0123456789-_.";
+	private static char[] PATH_CHAR_SET = PATH_CHARS.toCharArray();
+	private static int PATH_CHAR_SET_LEN = PATH_CHAR_SET.length;
+	
+	static String fileSeparator = PropertiesUtil.getProperty(
+			"xa.file.separator", "/");
+
+	public RangerBizUtil() {
+		maxFirstNameLength = Integer.parseInt(PropertiesUtil.getProperty(
+				"xa.user.firstname.maxlength", "16"));
+		maxDisplayNameLength = PropertiesUtil.getIntProperty(
+				"xa.bookmark.name.maxlen", maxDisplayNameLength);
+		showBlockedContent = PropertiesUtil.getBooleanProperty(
+				"xa.content.show_blocked", showBlockedContent);
+		defaultAutoApprove = PropertiesUtil.getBooleanProperty(
+				"xa.mod.default", defaultAutoApprove);
+
+		groupEditableClasses = new HashSet<Class<?>>(
+				Arrays.asList(groupEditableClassesList));
+		enableResourceAccessControl = PropertiesUtil.getBooleanProperty(
+				"xa.resource.accessControl.enabled", true);
+		random = new Random();
+	}
+
+	public <T extends XXDBBase> List<? extends XXDBBase> getParentObjects(T object) {
+		List<XXDBBase> parentObjectList = null;
+		// if (checkParentAcess.contains(object.getMyClassType())) {
+		// parentObjectList = new ArrayList<MBase>();
+		// }
+		return parentObjectList;
+	}
+
+	public int getClassType(Class<?> klass) {
+		String className = klass.getName();
+		// See if this mapping is already in the database
+		Integer classType = classTypeMappings.get(className);
+		if (classType == null) {
+			// Instantiate the class and call the getClassType method
+			if (XXDBBase.class.isAssignableFrom(klass)) {
+				try {
+					XXDBBase gjObj = (XXDBBase) klass.newInstance();
+					classType = gjObj.getMyClassType();
+					classTypeMappings.put(className, classType);
+				} catch (Throwable ex) {
+					logger.error("Error instantiating object for class "
+							+ className, ex);
+				}
+			}
+		}
+		if (classType == null) {
+			return RangerCommonEnums.CLASS_TYPE_NONE;
+		} else {
+			return classType;
+		}
+	}
+
+	// Access control methods
+	public void checkSystemAdminAccess() {
+		UserSessionBase currentUserSession = ContextUtil
+				.getCurrentUserSession();
+		if (currentUserSession != null && currentUserSession.isUserAdmin()) {
+			return;
+		}
+		throw restErrorUtil
+				.create403RESTException("Only System Administrators can add accounts");
+	}
+
+	/**
+	 * @param contentType
+	 * @return
+	 */
+	public int getMimeTypeInt(String contentType) {
+		if (contentType.equalsIgnoreCase("JPEG")
+				|| contentType.equalsIgnoreCase("JPG")
+				|| contentType.endsWith("jpg") || contentType.endsWith("jpeg")) {
+			return RangerConstants.MIME_JPEG;
+		}
+		if (contentType.equalsIgnoreCase("PNG") || contentType.endsWith("png")) {
+			return RangerConstants.MIME_PNG;
+		}
+		return RangerConstants.MIME_UNKNOWN;
+	}
+
+	/**
+	 * @param mimeType
+	 * @return
+	 */
+	public String getMimeType(int mimeType) {
+		switch (mimeType) {
+		case RangerConstants.MIME_JPEG:
+			return "jpg";
+		case RangerConstants.MIME_PNG:
+			return "png";
+		}
+		return "";
+	}
+
+	/**
+	 * @param contentType
+	 * @return
+	 */
+	public String getImageExtension(String contentType) {
+		if (contentType.toLowerCase().endsWith("jpg")
+				|| contentType.toLowerCase().endsWith("jpeg")) {
+			return "jpg";
+		} else if (contentType.toLowerCase().endsWith("png")) {
+			return "png";
+		}
+		return "";
+	}
+
+	/**
+	 * @param file
+	 * @return
+	 */
+	public String getFileNameWithoutExtension(File file) {
+		if (file != null) {
+			String fileName = file.getName();
+			if (fileName.indexOf(".") > 0) {
+				return fileName.substring(0, fileName.indexOf("."));
+			}
+			return fileName;
+
+		}
+		return null;
+	}
+
+	public String getDisplayNameForClassName(XXDBBase obj) {
+		String classTypeDisplayName = RangerConstants.getLabelFor_ClassTypes(obj
+				.getMyClassType());
+		if (classTypeDisplayName == null) {
+			logger.error(
+					"Error get name for class type. obj=" + obj.toString(),
+					new Throwable());
+		}
+		return classTypeDisplayName;
+	}
+
+	public String getDisplayName(XXDBBase obj) {
+		if (obj != null) {
+			return handleGetDisplayName(obj.getMyDisplayValue());
+		} else {
+			return handleGetDisplayName(null);
+		}
+	}
+
+	/**
+	 * @param displayValue
+	 * @return
+	 */
+	private String handleGetDisplayName(String displayValue) {
+		if (displayValue == null || displayValue.trim().isEmpty()) {
+			return EMPTY_CONTENT_DISPLAY_NAME;
+		}
+
+		if (displayValue.length() > maxDisplayNameLength) {
+			displayValue = displayValue.substring(0, maxDisplayNameLength - 3)
+					.concat("...");
+		}
+		return displayValue;
+	}
+
+	/**
+	 * @param userProfile
+	 * @return
+	 */
+	public String generatePublicName(VXPortalUser userProfile, XXPortalUser gjUser) {
+		return generatePublicName(userProfile.getFirstName(),
+				userProfile.getLastName());
+	}
+
+	public String generatePublicName(String firstName, String lastName) {
+		String publicName = null;
+		String fName = firstName;
+		if (firstName.length() > maxFirstNameLength) {
+			fName = firstName.substring(0, maxFirstNameLength - (1 + 3))
+					+ "...";
+		}
+		if (lastName != null && lastName.length() > 0) {
+			publicName = fName + " " + lastName.substring(0, 1) + ".";
+		}
+		return publicName;
+	}
+
+	public void updateCloneReferences(XXDBBase obj) {
+		if (obj == null) {
+			return;
+		}
+	}
+
+	public Long getForUserId(XXDBBase resource) {
+		return null;
+	}
+
+	public XXDBBase getMObject(int objClassType, Long objId) {
+		XXDBBase obj = null;
+
+		if (objId != null) {
+			BaseDao<?> dao = daoManager.getDaoForClassType(objClassType);
+
+			if (dao != null) {
+				obj = (XXDBBase) dao.getById(objId);
+			}
+		}
+
+		return obj;
+	}
+
+	public XXDBBase getMObject(VXDataObject vXDataObject) {
+		if (vXDataObject != null) {
+			return getMObject(vXDataObject.getMyClassType(), vXDataObject.getId());
+		}
+		return null;
+	}
+
+	public VXDataObject getVObject(int objClassType, Long objId) {
+		if (objId == null) {
+			return null;
+		}
+		if (objClassType == RangerConstants.CLASS_TYPE_USER_PROFILE) {
+			return userMgr.mapXXPortalUserVXPortalUser(daoManager.getXXPortalUser().getById(
+					objId));
+		}
+		try {
+			AbstractBaseResourceService<?, ?> myService = AbstractBaseResourceService
+					.getService(objClassType);
+			if (myService != null) {
+				return myService.readResource(objId);
+			}
+		} catch (Throwable t) {
+			logger.error("Error reading resource. objectClassType="
+					+ objClassType + ", objectId=" + objId, t);
+		}
+		return null;
+	}
+
+	public void deleteReferencedObjects(XXDBBase obj) {
+
+		if (obj == null) {
+			return;
+		}
+		if (obj.getMyClassType() == RangerConstants.CLASS_TYPE_NONE) {
+			return;
+		}
+
+	}
+
+	/**
+	 * @param obj
+	 */
+	void deleteObjects(List<XXDBBase> objs) {
+
+	}
+
+	void deleteObject(XXDBBase obj) {
+		AbstractBaseResourceService<?, ?> myService = AbstractBaseResourceService
+				.getService(obj.getMyClassType());
+		if (myService != null) {
+			myService.deleteResource(obj.getId());
+		} else {
+			logger.error("Service not found for obj=" + obj, new Throwable());
+		}
+	}
+
+	public <T extends XXDBBase> Class<? extends XXDBBase> getContextObject(
+			int objectClassType, Long objectId) {
+		return null;
+	}
+
+	public VXStringList mapStringListToVStringList(List<String> stringList) {
+		if (stringList == null) {
+			return null;
+		}
+
+		List<VXString> vStringList = new ArrayList<VXString>();
+		for (String str : stringList) {
+			VXString vXString = new VXString();
+			vXString.setValue(str);
+			vStringList.add(vXString);
+		}
+
+		return new VXStringList(vStringList);
+	}
+
+	/**
+	 * return response object if users is having permission on given resource
+	 * 
+	 * @param vXResource
+	 * @param permission
+	 * @return
+	 */
+	public VXResponse hasPermission(VXResource vXResource, int permission) {
+
+		VXResponse vXResponse = new VXResponse();
+		if (!enableResourceAccessControl) {
+			logger.debug("Resource Access Control is disabled !!!");
+			return vXResponse;
+		}
+
+		if (vXResource == null) {
+			vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+			vXResponse.setMsgDesc("Please provide valid policy.");
+			return vXResponse;
+		}
+
+		String resourceNames = vXResource.getName();
+		if (stringUtil.isEmpty(resourceNames)) {
+			vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+			vXResponse.setMsgDesc("Please provide valid policy.");
+			return vXResponse;
+		}
+
+		if (isAdmin()) {
+			return vXResponse;
+		}
+
+		Long xUserId = getXUserId();
+		Long assetId = vXResource.getAssetId();
+		List<XXResource> xResourceList = daoManager.getXXResource()
+				.findByAssetIdAndResourceStatus(assetId,
+						AppConstants.STATUS_ENABLED);
+
+		XXAsset xAsset = daoManager.getXXAsset().getById(assetId);
+		int assetType = xAsset.getAssetType();
+
+		vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+		vXResponse.setMsgDesc("Permission Denied !");
+
+		if (assetType == AppConstants.ASSET_HIVE) {
+			String[] requestResNameList = resourceNames.split(",");
+			if (stringUtil.isEmpty(vXResource.getUdfs())) {
+				int reqTableType = vXResource.getTableType();
+				int reqColumnType = vXResource.getColumnType();
+				for (String resourceName : requestResNameList) {
+					boolean matchFound = matchHivePolicy(resourceName,
+							xResourceList, xUserId, permission, reqTableType,
+							reqColumnType, false);
+					if (!matchFound) {
+						vXResponse.setMsgDesc("You're not permitted to perform "
+								+ "the action for resource path : "
+								+ resourceName);
+						vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+						return vXResponse;
+					}
+				}
+			} else {
+				for (String resourceName : requestResNameList) {
+					boolean matchFound = matchHivePolicy(resourceName,
+							xResourceList, xUserId, permission);
+					if (!matchFound) {
+						vXResponse.setMsgDesc("You're not permitted to perform "
+								+ "the action for resource path : "
+								+ resourceName);
+						vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+						return vXResponse;
+					}
+				}
+			}
+			vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+			return vXResponse;
+		} else if (assetType == AppConstants.ASSET_HBASE) {
+			String[] requestResNameList = resourceNames.split(",");
+			for (String resourceName : requestResNameList) {
+				boolean matchFound = matchHbasePolicy(resourceName,
+						xResourceList, vXResponse, xUserId, permission);
+				if (!matchFound) {
+					vXResponse.setMsgDesc("You're not permitted to perform "
+							+ "the action for resource path : " + resourceName);
+					vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+					return vXResponse;
+				}
+			}
+			vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+			return vXResponse;
+		} else if (assetType == AppConstants.ASSET_HDFS) {
+			String[] requestResNameList = resourceNames.split(",");
+			for (String resourceName : requestResNameList) {
+				boolean matchFound = matchHdfsPolicy(resourceName,
+						xResourceList, xUserId, permission);
+				if (!matchFound) {
+					vXResponse.setMsgDesc("You're not permitted to perform "
+							+ "the action for resource path : " + resourceName);
+					vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+					return vXResponse;
+				}
+			}
+			vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+			return vXResponse;
+		} else if (assetType == AppConstants.ASSET_KNOX) {
+				String[] requestResNameList = resourceNames.split(",");
+				for (String resourceName : requestResNameList) {
+					boolean matchFound = matchKnoxPolicy(resourceName,
+							xResourceList, vXResponse, xUserId, permission);
+					if (!matchFound) {
+						vXResponse.setMsgDesc("You're not permitted to perform "
+								+ "the action for resource path : " + resourceName);
+						vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+						return vXResponse;
+					}
+				}
+				vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+				return vXResponse;	
+        } else if (assetType == AppConstants.ASSET_STORM) {
+            String[] requestResNameList = resourceNames.split(",");
+            for (String resourceName : requestResNameList) {
+                boolean matchFound = matchStormPolicy(resourceName,
+                        xResourceList, vXResponse, xUserId, permission);
+                if (!matchFound) {
+                    vXResponse.setMsgDesc("You're not permitted to perform "
+                            + "the action for resource path : " + resourceName);
+                    vXResponse.setStatusCode(VXResponse.STATUS_ERROR);
+                    return vXResponse;
+                }
+            }
+            vXResponse.setStatusCode(VXResponse.STATUS_SUCCESS);
+            return vXResponse;
+        }
+		return vXResponse;
+	}
+
+	/**
+	 * return true id current logged in session is owned by admin
+	 * 
+	 * @return
+	 */
+	public boolean isAdmin() {
+		UserSessionBase currentUserSession = ContextUtil
+				.getCurrentUserSession();
+		if (currentUserSession == null) {
+			logger.debug("Unable to find session.");
+			return false;
+		}
+
+		if (currentUserSession.isUserAdmin()) {
+			return true;
+		}
+		return false;
+	}
+
+	/**
+	 * returns current user's userID from active user sessions
+	 * 
+	 * @return
+	 */
+	public Long getXUserId() {
+
+		UserSessionBase currentUserSession = ContextUtil
+				.getCurrentUserSession();
+		if (currentUserSession == null) {
+			logger.debug("Unable to find session.");
+			return null;
+		}
+
+		XXPortalUser user = daoManager.getXXPortalUser().getById(
+				currentUserSession.getUserId());
+		if (user == null) {
+			logger.debug("XXPortalUser not found with logged in user id : "
+					+ currentUserSession.getUserId());
+			return null;
+		}
+
+		XXUser xUser = daoManager.getXXUser().findByUserName(user.getLoginId());
+		if (xUser == null) {
+			logger.debug("XXPortalUser not found for user id :" + user.getId()
+					+ " with name " + user.getFirstName());
+			return null;
+		}
+
+		return xUser.getId();
+	}
+
+	/**
+	 * returns true if user is having required permission on given Hdfs resource
+	 * 
+	 * @param resourceName
+	 * @param xResourceList
+	 * @param xUserId
+	 * @param permission
+	 * @return
+	 */
+	private boolean matchHdfsPolicy(String resourceName,
+			List<XXResource> xResourceList, Long xUserId, int permission) {
+		boolean matchFound = false;
+		resourceName = replaceMetaChars(resourceName);
+
+		for (XXResource xResource : xResourceList) {
+			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+				continue;
+			}
+			Long resourceId = xResource.getId();
+			matchFound = checkUsrPermForPolicy(xUserId, permission, resourceId);
+			if (matchFound) {
+				matchFound = false;
+				String resource = xResource.getName();
+				String[] dbResourceNameList = resource.split(",");
+				for (String dbResourceName : dbResourceNameList) {
+					if (comparePathsForExactMatch(resourceName, dbResourceName)) {
+						matchFound = true;
+					} else {
+						if (xResource.getIsRecursive() == AppConstants.BOOL_TRUE) {
+							matchFound = isRecursiveWildCardMatch(resourceName,
+									dbResourceName);
+						} else {
+							matchFound = nonRecursiveWildCardMatch(
+									resourceName, dbResourceName);
+						}
+					}
+					if (matchFound) {
+						break;
+					}
+				}
+				if (matchFound) {
+					break;
+				}
+			}
+		}
+		return matchFound;
+	}
+
+	/**
+	 * returns true if user is having required permission on given Hbase
+	 * resource
+	 * 
+	 * @param resourceName
+	 * @param xResourceList
+	 * @param vXResponse
+	 * @param xUserId
+	 * @param permission
+	 * @return
+	 */
+	public boolean matchHbasePolicy(String resourceName,
+			List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
+			int permission) {
+		if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){
+			return false;
+		}
+
+		String[] splittedResources = stringUtil.split(resourceName, fileSeparator);
+		if (splittedResources.length < 1 || splittedResources.length > 3) {
+			logger.debug("Invalid resourceName name : " + resourceName);
+			return false;
+		}
+
+		String tblName    = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
+		String colFamName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
+		String colName    = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
+
+		boolean policyMatched = false;
+		// check all resources whether Hbase policy is enabled in any resource
+		// of provided resource list
+		for (XXResource xResource : xResourceList) {
+			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+				continue;
+			}
+			Long resourceId = xResource.getId();
+			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
+			// if permission is enabled then load Tables,column family and
+			// columns list from resource
+			if (! hasPermission) {
+				continue;
+			}
+
+			// 1. does the policy match the table?
+			String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ",");
+
+			boolean matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables);
+
+			if(matchFound) {
+				// 2. does the policy match the column?
+				String[] xColumnFamilies = stringUtil.isEmpty(xResource.getColumnFamilies()) ? null : stringUtil.split(xResource.getColumnFamilies(), ",");
+
+				matchFound = (xColumnFamilies == null || xColumnFamilies.length == 0) ? true : matchPath(colFamName, xColumnFamilies);
+				
+				if(matchFound) {
+					// 3. does the policy match the columnFamily?
+					String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ",");
+
+					matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns);
+				}
+			}
+
+			if (matchFound) {
+				policyMatched = true;
+				break;
+			}
+		}
+		return policyMatched;
+	}
+
+	public boolean matchHivePolicy(String resourceName,
+			List<XXResource> xResourceList, Long xUserId, int permission) {
+		return matchHivePolicy(resourceName, xResourceList, xUserId,
+				permission, 0, 0, true);
+	}
+
+	/**
+	 * returns true if user is having required permission on given Hive resource
+	 * 
+	 * @param resourceName
+	 * @param xResourceList
+	 * @param xUserId
+	 * @param permission
+	 * @param reqTableType
+	 * @param reqColumnType
+	 * @param isUdfPolicy
+	 * @return
+	 */
+	public boolean matchHivePolicy(String resourceName,
+			List<XXResource> xResourceList, Long xUserId, int permission,
+			int reqTableType, int reqColumnType, boolean isUdfPolicy) {
+
+		if(stringUtil.isEmpty(resourceName) || xResourceList==null || xUserId==null){
+			return false;
+		}
+
+		String[] splittedResources = stringUtil.split(resourceName, fileSeparator);// get list of resources
+		if (splittedResources.length < 1 || splittedResources.length > 3) {
+			logger.debug("Invalid resource name : " + resourceName);
+			return false;
+		}
+		
+		String dbName  = splittedResources.length > 0 ? splittedResources[0] : StringUtil.WILDCARD_ASTERISK;
+		String tblName = splittedResources.length > 1 ? splittedResources[1] : StringUtil.WILDCARD_ASTERISK;
+		String colName = splittedResources.length > 2 ? splittedResources[2] : StringUtil.WILDCARD_ASTERISK;
+
+		boolean policyMatched = false;
+		for (XXResource xResource : xResourceList) {
+			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+				continue;
+			}
+
+			Long resourceId = xResource.getId();
+			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission, resourceId);
+
+			if (! hasPermission) {
+				continue;
+			}
+
+			// 1. does the policy match the database?
+			String[] xDatabases = stringUtil.isEmpty(xResource.getDatabases()) ? null : stringUtil.split(xResource.getDatabases(), ",");
+
+			boolean matchFound = (xDatabases == null || xDatabases.length == 0) ? true : matchPath(dbName, xDatabases);
+
+			if (! matchFound) {
+				continue;
+			}
+			
+			// Type(either UDFs policy or non-UDFs policy) of current policy
+			// should be of same as type of policy being iterated
+			if (!stringUtil.isEmpty(xResource.getUdfs()) && !isUdfPolicy) {
+				continue;
+			}
+
+			if (isUdfPolicy) {
+				// 2. does the policy match the UDF?
+				String[] xUdfs = stringUtil.isEmpty(xResource.getUdfs()) ? null : stringUtil.split(xResource.getUdfs(), ",");
+				
+				if(! matchPath(tblName, xUdfs)) {
+					continue;
+				} else {
+					policyMatched = true;
+					break;
+				}
+			} else {
+				// 2. does the policy match the table?
+				String[] xTables = stringUtil.isEmpty(xResource.getTables()) ? null : stringUtil.split(xResource.getTables(), ",");
+
+				matchFound = (xTables == null || xTables.length == 0) ? true : matchPath(tblName, xTables);
+
+				if(xResource.getTableType() == AppConstants.POLICY_EXCLUSION) {
+					matchFound = !matchFound;
+				}
+
+				if (!matchFound) {
+					continue;
+				}
+
+				// 3. does current policy match the column?
+				String[] xColumns = stringUtil.isEmpty(xResource.getColumns()) ? null : stringUtil.split(xResource.getColumns(), ",");
+
+				matchFound = (xColumns == null || xColumns.length == 0) ? true : matchPath(colName, xColumns);
+
+				if(xResource.getColumnType() == AppConstants.POLICY_EXCLUSION) {
+					matchFound = !matchFound;
+				}
+
+				if (!matchFound) {
+					continue;
+				} else {
+					policyMatched = true;
+					break;
+				}
+			}
+		}
+		return policyMatched;
+	}
+	/**
+	 * returns true if user is having required permission on given Hbase
+	 * resource
+	 * 
+	 * @param resourceName
+	 * @param xResourceList
+	 * @param vXResponse
+	 * @param xUserId
+	 * @param permission
+	 * @return
+	 */
+	private boolean matchKnoxPolicy(String resourceName,
+			List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
+			int permission) {
+
+		String[] splittedResources = stringUtil.split(resourceName,
+				fileSeparator);
+		int numberOfResources = splittedResources.length;
+		if (numberOfResources < 1 || numberOfResources > 3) {
+			logger.debug("Invalid policy name : " + resourceName);
+			return false;
+		}
+
+		boolean policyMatched = false;
+		// check all resources whether Knox policy is enabled in any resource
+		// of provided resource list
+		for (XXResource xResource : xResourceList) {
+			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+				continue;
+			}
+			Long resourceId = xResource.getId();
+			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
+					resourceId);
+			// if permission is enabled then load Topologies,services list from resource
+			if (hasPermission) {
+				String[] xTopologies = (xResource.getTopologies() == null || xResource
+						.getTopologies().equalsIgnoreCase("")) ? null : stringUtil
+						.split(xResource.getTopologies(), ",");
+				String[] xServices = (xResource.getServices() == null || xResource
+						.getServices().equalsIgnoreCase("")) ? null
+						: stringUtil.split(xResource.getServices(), ",");
+
+				boolean matchFound = false;
+
+				for (int index = 0; index < numberOfResources; index++) {
+					matchFound = false;
+					// check whether given table resource matches with any
+					// existing topology resource
+					if (index == 0) {
+						if(xTopologies!=null){
+						for (String xTopology : xTopologies) {
+							if (matchPath(splittedResources[index], xTopology)) {
+								matchFound = true;
+								continue;
+							}
+						}
+						}
+						if(!matchFound) {
+							break;
+						}
+					} // check whether given service resource matches with
+						// any existing service resource
+					else if (index == 1) {
+						if(xServices!=null){
+						for (String xService : xServices) {
+							if (matchPath(splittedResources[index],
+									xService)) {
+								matchFound = true;
+								continue;
+							}
+						}
+						}
+						if(!matchFound) {
+							break;
+						}
+					}
+				}
+				if (matchFound) {
+					policyMatched = true;
+					break;
+				}
+			}
+		}
+		return policyMatched;
+	}
+
+ 	/**
+ 	 * returns true if user is having required permission on given STORM
+ 	 * resource
+ 	 * 
+ 	 * @param resourceName
+ 	 * @param xResourceList
+ 	 * @param vXResponse
+ 	 * @param xUserId
+ 	 * @param permission
+ 	 * @return
+ 	 */
+ 	private boolean matchStormPolicy(String resourceName,
+ 			List<XXResource> xResourceList, VXResponse vXResponse, Long xUserId,
+ 			int permission) {
+ 
+ 		String[] splittedResources = stringUtil.split(resourceName,
+ 				fileSeparator);
+ 		int numberOfResources = splittedResources.length;
+ 		if (numberOfResources < 1 || numberOfResources > 3) {
+ 			logger.debug("Invalid policy name : " + resourceName);
+ 			return false;
+ 		}
+ 
+ 		boolean policyMatched = false;
+ 		// check all resources whether Knox policy is enabled in any resource
+ 		// of provided resource list
+ 		for (XXResource xResource : xResourceList) {
+ 			if (xResource.getResourceStatus() != AppConstants.STATUS_ENABLED) {
+ 				continue;
+ 			}
+ 			Long resourceId = xResource.getId();
+ 			boolean hasPermission = checkUsrPermForPolicy(xUserId, permission,
+ 					resourceId);
+ 			// if permission is enabled then load Topologies,services list from resource
+ 			if (hasPermission) {
+ 				String[] xTopologies = (xResource.getTopologies() == null || xResource
+ 						.getTopologies().equalsIgnoreCase("")) ? null : stringUtil
+ 						.split(xResource.getTopologies(), ",");
+ 				/*String[] xServices = (xResource.getServices() == null || xResource
+ 						.getServices().equalsIgnoreCase("")) ? null
+ 						: stringUtil.split(xResource.getServices(), ",");*/
+ 
+ 				boolean matchFound = false;
+ 
+ 				for (int index = 0; index < numberOfResources; index++) {
+ 					matchFound = false;
+ 					// check whether given table resource matches with any
+ 					// existing topology resource
+ 					if (index == 0) {
+ 						if(xTopologies!=null){
+ 						for (String xTopology : xTopologies) {
+ 							if (matchPath(splittedResources[index], xTopology)) {
+ 								matchFound = true;
+ 								continue;
+ 							}
+ 						}
+ 						}
+ 					} // check whether given service resource matches with
+ 						// any existing service resource
+ 					/*else if (index == 1) {
+ 						if(xServices!=null){
+ 						for (String xService : xServices) {
+ 							if (matchPath(splittedResources[index],
+ 									xService)) {
+ 								matchFound = true;
+ 								continue;
+ 							}
+ 						}
+ 						}
+ 					}*/
+ 				}
+ 				if (matchFound) {
+ 					policyMatched = true;
+ 					break;
+ 				}
+ 			}
+ 		}
+ 		return policyMatched;
+ 	}
+
+	/**
+	 * returns path without meta characters
+	 * 
+	 * @param path
+	 * @return
+	 */
+	public String replaceMetaChars(String path) {
+		if (path == null || path.isEmpty()) {
+			return path;
+		}
+
+		if (path.contains("*")) {
+			String replacement = getRandomString(5, 60);
+			path = path.replaceAll("\\*", replacement);
+		}
+		if (path.contains("?")) {
+			String replacement = getRandomString(1, 1);
+			path = path.replaceAll("\\?", replacement);
+		}
+		return path;
+	}
+
+	/**
+	 * returns random String of given length range
+	 * 
+	 * @param minLen
+	 * @param maxLen
+	 * @return
+	 */
+	private String getRandomString(int minLen, int maxLen) {
+		StringBuilder sb = new StringBuilder();
+		int len = getRandomInt(minLen, maxLen);
+		for (int i = 0; i < len; i++) {
+			int charIdx = random.nextInt(PATH_CHAR_SET_LEN);
+			sb.append(PATH_CHAR_SET[charIdx]);
+		}
+		return sb.toString();
+	}
+
+	/**
+	 * return random integer number for given range
+	 * 
+	 * @param min
+	 * @param max
+	 * @return
+	 */
+	private int getRandomInt(int min, int max) {
+		if (min == max) {
+			return min;
+		} else {
+			int interval = max - min;
+			int randomNum = random.nextInt();
+			return ((Math.abs(randomNum) % interval) + min);
+		}
+	}
+
+	/**
+	 * returns true if given userID is having specified permission on specified
+	 * resource
+	 * 
+	 * @param xUserId
+	 * @param permission
+	 * @param resourceId
+	 * @return
+	 */
+	private boolean checkUsrPermForPolicy(Long xUserId, int permission,
+			Long resourceId) {
+		// this snippet load user groups and permission map list from DB
+		List<XXGroup> userGroups = new ArrayList<XXGroup>();
+		List<XXPermMap> permMapList = new ArrayList<XXPermMap>();
+		userGroups = daoManager.getXXGroup().findByUserId(xUserId);
+		permMapList = daoManager.getXXPermMap().findByResourceId(resourceId);
+		Long publicGroupId = getPublicGroupId();
+		boolean matchFound = false;
+		for (XXPermMap permMap : permMapList) {
+			if (permMap.getPermType() == permission) {
+				if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
+					// check whether permission is enabled for public group or a group to which user belongs
+					matchFound = (publicGroupId != null && publicGroupId == permMap.getGroupId()) || isGroupInList(permMap.getGroupId(), userGroups);
+				} else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
+					// check whether permission is enabled to user
+					matchFound = permMap.getUserId().equals(xUserId);
+				}
+			}
+			if (matchFound) {
+				break;
+			}
+		}
+		return matchFound;
+	}
+	
+	public Long getPublicGroupId() {
+		XXGroup xXGroupPublic = daoManager.getXXGroup().findByGroupName(RangerConstants.GROUP_PUBLIC);
+
+		return xXGroupPublic != null ? xXGroupPublic.getId() : null;
+	}
+
+	/**
+	 * returns true is given group id is in given group list
+	 * 
+	 * @param groupId
+	 * @param xGroupList
+	 * @return
+	 */
+	public boolean isGroupInList(Long groupId, List<XXGroup> xGroupList) {
+		for (XXGroup xGroup : xGroupList) {
+			if (xGroup.getId().equals(groupId)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * returns true if given path matches in same level or sub directories with
+	 * given wild card pattern
+	 * 
+	 * @param pathToCheck
+	 * @param wildcardPath
+	 * @return
+	 */
+	public boolean isRecursiveWildCardMatch(String pathToCheck,
+			String wildcardPath) {
+		if (pathToCheck != null) {
+			if (wildcardPath != null && wildcardPath.equals(fileSeparator)) {
+				return true;
+			}
+			StringBuilder sb = new StringBuilder();
+			for (String p : pathToCheck.split(fileSeparator)) {
+				sb.append(p);
+				boolean matchFound = FilenameUtils.wildcardMatch(sb.toString(),
+						wildcardPath);
+				if (matchFound) {
+					return true;
+				}
+				sb.append(fileSeparator);
+			}
+			sb = null;
+		}
+		return false;
+	}
+
+	/**
+	 * return List<Integer>
+	 * 
+	 * List of all possible parent return type for some specific resourceType
+	 * 
+	 * @param resourceType
+	 *            , assetType
+	 * 
+	 */
+	public List<Integer> getResorceTypeParentHirearchy(int resourceType,
+			int assetType) {
+		List<Integer> resourceTypeList = new ArrayList<Integer>();
+
+		if (assetType == AppConstants.ASSET_HDFS) {
+			resourceTypeList.add(AppConstants.RESOURCE_PATH);
+		} else if (assetType == AppConstants.ASSET_HIVE) {
+			resourceTypeList.add(AppConstants.RESOURCE_DB);
+			if (resourceType == AppConstants.RESOURCE_TABLE) {
+				resourceTypeList.add(AppConstants.RESOURCE_TABLE);
+			} else if (resourceType == AppConstants.RESOURCE_UDF) {
+				resourceTypeList.add(AppConstants.RESOURCE_UDF);
+			} else if (resourceType == AppConstants.RESOURCE_COLUMN) {
+				resourceTypeList.add(AppConstants.RESOURCE_TABLE);
+				resourceTypeList.add(AppConstants.RESOURCE_COLUMN);
+			}
+		} else if (assetType == AppConstants.ASSET_HBASE) {
+			resourceTypeList.add(AppConstants.RESOURCE_TABLE);
+			if (resourceType == AppConstants.RESOURCE_COL_FAM) {
+				resourceTypeList.add(AppConstants.RESOURCE_COL_FAM);
+			} else if (resourceType == AppConstants.RESOURCE_COLUMN) {
+				resourceTypeList.add(AppConstants.RESOURCE_COL_FAM);
+				resourceTypeList.add(AppConstants.RESOURCE_COLUMN);
+			}
+		}
+
+		return resourceTypeList;
+	}
+
+	/**
+	 * return true if both path matches exactly, wild card matching is not
+	 * checked
+	 * 
+	 * @param path1
+	 * @param path2
+	 * @return
+	 */
+	public boolean comparePathsForExactMatch(String path1, String path2) {
+		String pathSeparator = fileSeparator;
+		if (!path1.endsWith(pathSeparator)) {
+			path1 = path1.concat(pathSeparator);
+		}
+		if (!path2.endsWith(pathSeparator)) {
+			path2 = path2.concat(pathSeparator);
+		}
+		return path1.equalsIgnoreCase(path2);
+	}
+
+	/**
+	 * return true if both path matches at same level path, this function does
+	 * not match sub directories
+	 * 
+	 * @param pathToCheck
+	 * @param wildcardPath
+	 * @return
+	 */
+	public boolean nonRecursiveWildCardMatch(String pathToCheck,
+			String wildcardPath) {
+		if (pathToCheck != null && wildcardPath != null) {
+
+			List<String> pathToCheckArray = new ArrayList<String>();
+			List<String> wildcardPathArray = new ArrayList<String>();
+
+			for (String p : pathToCheck.split(fileSeparator)) {
+				pathToCheckArray.add(p);
+			}
+			for (String w : wildcardPath.split(fileSeparator)) {
+				wildcardPathArray.add(w);
+			}
+
+			if (pathToCheckArray.size() == wildcardPathArray.size()) {
+				boolean match = false;
+				for (int index = 0; index < pathToCheckArray.size(); index++) {
+					match = matchPath(pathToCheckArray.get(index),
+							wildcardPathArray.get(index));
+					if (!match)
+						return match;
+				}
+				return match;
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * returns true if first and second path are same
+	 * 
+	 * @param pathToCheckFragment
+	 * @param wildCardPathFragment
+	 * @return
+	 */
+	private boolean matchPath(String pathToCheckFragment,
+			String wildCardPathFragment) {
+		if(pathToCheckFragment == null || wildCardPathFragment == null) {
+			return false;
+		}
+
+		if (pathToCheckFragment.contains("*")
+				|| pathToCheckFragment.contains("?")) {
+			pathToCheckFragment = replaceMetaChars(pathToCheckFragment);
+
+			if (wildCardPathFragment.contains("*")
+					|| wildCardPathFragment.contains("?")) {
+				return FilenameUtils.wildcardMatch(pathToCheckFragment,
+						wildCardPathFragment, IOCase.SENSITIVE);
+			} else {
+				return false;
+			}
+		} else {
+			if (wildCardPathFragment.contains("*")
+					|| wildCardPathFragment.contains("?")) {
+				return FilenameUtils.wildcardMatch(pathToCheckFragment,
+						wildCardPathFragment, IOCase.SENSITIVE);
+			} else {
+				return pathToCheckFragment.trim().equals(
+						wildCardPathFragment.trim());
+			}
+		}
+	}
+	
+	private boolean matchPath(String pathToCheck, String[] wildCardPaths) {
+		if (pathToCheck != null && wildCardPaths != null) {
+			for (String wildCardPath : wildCardPaths) {
+				if (matchPath(pathToCheck, wildCardPath)) {
+					return true;
+				}
+			}
+		}
+		
+		return false;
+	}
+
+	/**
+	 * This method returns true if first parameter value is equal to others
+	 * argument value passed
+	 * 
+	 * @param checkValue
+	 * @param otherValues
+	 * @return
+	 */
+	public static boolean areAllEqual(int checkValue, int... otherValues) {
+		for (int value : otherValues) {
+			if (value != checkValue) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	public void createTrxLog(List<XXTrxLog> trxLogList) {
+		if (trxLogList == null) {
+			return;
+		}
+
+		UserSessionBase usb = ContextUtil.getCurrentUserSession();
+		Long authSessionId = null;
+		if (usb != null) {
+			authSessionId = ContextUtil.getCurrentUserSession().getSessionId();
+		}
+		Long trxId = GUIDUtil.genLong();
+
+		for (XXTrxLog xTrxLog : trxLogList) {
+			xTrxLog.setTransactionId(trxId.toString());
+			if (authSessionId != null) {
+				xTrxLog.setSessionId("" + authSessionId);
+			}
+			xTrxLog.setSessionType("Spring Authenticated Session");
+			xTrxLog.setRequestId(trxId.toString());
+			daoManager.getXXTrxLog().create(xTrxLog);
+		}
+	}
+
+	public static int getDBFlavor() {
+
+		String dbFlavor = "";
+		boolean dbFlavorPropFound = true;
+
+		dbFlavor = PropertiesUtil.getProperty("xa.db.flavor");
+		if (dbFlavor == null || dbFlavor.trim().isEmpty()) {
+			dbFlavor = PropertiesUtil.getProperty("jdbc.dialect");
+			dbFlavorPropFound = false;
+		}
+
+		if (dbFlavor != null && !dbFlavor.trim().isEmpty()) {
+			if (dbFlavorPropFound) {
+				if ("MYSQL".equalsIgnoreCase(dbFlavor)) {
+					return AppConstants.DB_FLAVOR_MYSQL;
+				} else if ("ORACLE".equalsIgnoreCase(dbFlavor)) {
+					return AppConstants.DB_FLAVOR_ORACLE;
+				} else {
+					return AppConstants.DB_FLAVOR_UNKNOWN;
+				}
+			} else {
+				if (dbFlavor.toUpperCase().contains("MYSQL")) {
+					return AppConstants.DB_FLAVOR_MYSQL;
+				} else if (dbFlavor.toUpperCase().contains("ORACLE")) {
+					return AppConstants.DB_FLAVOR_ORACLE;
+				} else {
+					return AppConstants.DB_FLAVOR_UNKNOWN;
+				}
+			}
+		} else {
+			logger.error("Property : xa.db.flavor or jdbc.dialect, not found");
+			return AppConstants.DB_FLAVOR_UNKNOWN;
+		}
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
index f273f2b..fb918c5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SessionMgr.java
@@ -29,17 +29,17 @@ import org.apache.ranger.common.DateUtil;
 import org.apache.ranger.common.HTTPUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.common.UserSessionBase;
-import org.apache.ranger.common.XACommonEnums;
-import org.apache.ranger.common.XAConstants;
-import org.apache.ranger.db.XADaoManager;
+import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXAuthSession;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.entity.XXPortalUserRole;
-import org.apache.ranger.security.context.XAContextHolder;
-import org.apache.ranger.security.context.XASecurityContext;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
 import org.apache.ranger.service.AuthSessionService;
 import org.apache.ranger.util.RestUtil;
 import org.apache.ranger.view.VXAuthSession;
@@ -63,7 +63,7 @@ public class SessionMgr {
 	RESTErrorUtil restErrorUtil;
 	
 	@Autowired
-	XADaoManager daoManager;
+	RangerDaoManager daoManager;
 
 	@Autowired
 	AuthSessionService authSessionService;
@@ -87,7 +87,7 @@ public class SessionMgr {
 		boolean newSessionCreation = true;
 		UserSessionBase userSession = null;
 
-		XASecurityContext context = XAContextHolder.getSecurityContext();
+		RangerSecurityContext context = RangerContextHolder.getSecurityContext();
 		if (context != null) {
 			userSession = context.getUserSession();
 		}
@@ -177,7 +177,7 @@ public class SessionMgr {
 			String userRole = gjUserRole.getUserRole();
 
 			strRoleList.add(userRole);
-			if (userRole.equals(XAConstants.ROLE_SYS_ADMIN)) {
+			if (userRole.equals(RangerConstants.ROLE_SYS_ADMIN)) {
 				userSession.setUserAdmin(true);
 			}
 		}
@@ -192,7 +192,7 @@ public class SessionMgr {
 		gjAuthSession.setAuthTime(DateUtil.getUTCDate());
 		gjAuthSession.setAuthStatus(authStatus);
 		gjAuthSession.setAuthType(authType);
-		gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN);
+		gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN);
 		gjAuthSession.setExtSessionId(sessionId);
 		gjAuthSession.setRequestIP(remoteAddr);
 		gjAuthSession.setRequestUserAgent(null);
@@ -246,7 +246,7 @@ public class SessionMgr {
 		gjAuthSession.setAuthTime(DateUtil.getUTCDate());
 		gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS);
 		gjAuthSession.setAuthType(authType);
-		gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN);
+		gjAuthSession.setDeviceType(RangerCommonEnums.DEVICE_UNKNOWN);
 		gjAuthSession.setExtSessionId(null);
 		gjAuthSession.setRequestIP(ipAddress);
 		gjAuthSession.setRequestUserAgent(null);
@@ -258,9 +258,9 @@ public class SessionMgr {
 		userSession.setXXAuthSession(gjAuthSession);
 
 		// create context with user-session and set in thread-local
-		XASecurityContext context = new XASecurityContext();
+		RangerSecurityContext context = new RangerSecurityContext();
 		context.setUserSession(userSession);
-		XAContextHolder.setSecurityContext(context);
+		RangerContextHolder.setSecurityContext(context);
 
 		resetUserSessionForProfiles(userSession);
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 648d80a..c4997ab 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -33,14 +33,14 @@ import org.apache.ranger.common.DateUtil;
 import org.apache.ranger.common.GUIDUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConfigUtil;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.SearchUtil;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.common.UserSessionBase;
-import org.apache.ranger.common.XACommonEnums;
-import org.apache.ranger.common.XAConfigUtil;
-import org.apache.ranger.common.XAConstants;
-import org.apache.ranger.db.XADaoManager;
+import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.entity.XXPortalUserRole;
 import org.apache.ranger.entity.XXTrxLog;
@@ -65,7 +65,7 @@ public class UserMgr {
 	private static final Md5PasswordEncoder md5Encoder = new Md5PasswordEncoder();
 
 	@Autowired
-	XADaoManager daoManager;
+	RangerDaoManager daoManager;
 
 	@Autowired
 	RESTErrorUtil restErrorUtil;
@@ -77,7 +77,7 @@ public class UserMgr {
 	SearchUtil searchUtil;
 
 	@Autowired
-	XABizUtil msBizUtil;
+	RangerBizUtil msBizUtil;
 
 	@Autowired
 	SessionMgr sessionMgr;
@@ -90,13 +90,13 @@ public class UserMgr {
 	DateUtil dateUtil;
 
 	@Autowired
-	XAConfigUtil configUtil;
+	RangerConfigUtil configUtil;
 	
 	@Autowired
 	XPortalUserService xPortalUserService;
 
-	String publicRoles[] = new String[] { XAConstants.ROLE_USER,
-			XAConstants.ROLE_OTHER };
+	String publicRoles[] = new String[] { RangerConstants.ROLE_USER,
+			RangerConstants.ROLE_OTHER };
 
 	private static final List<String> DEFAULT_ROLE_LIST = new ArrayList<String>(
 			1);
@@ -104,9 +104,9 @@ public class UserMgr {
 	private static final List<String> VALID_ROLE_LIST = new ArrayList<String>(2);
 
 	static {
-		DEFAULT_ROLE_LIST.add(XAConstants.ROLE_USER);
-		VALID_ROLE_LIST.add(XAConstants.ROLE_SYS_ADMIN);
-		VALID_ROLE_LIST.add(XAConstants.ROLE_USER);
+		DEFAULT_ROLE_LIST.add(RangerConstants.ROLE_USER);
+		VALID_ROLE_LIST.add(RangerConstants.ROLE_SYS_ADMIN);
+		VALID_ROLE_LIST.add(RangerConstants.ROLE_USER);
 	}
 
 	public UserMgr() {
@@ -153,7 +153,7 @@ public class UserMgr {
 				roleList.add(role);
 			}
 		}else{
-			roleList.add(XAConstants.ROLE_USER);
+			roleList.add(RangerConstants.ROLE_USER);
 		}
 
 		return createUser(userProfile, userStatus, roleList);
@@ -483,9 +483,9 @@ public class UserMgr {
 	 */
 	public VXPortalUser deactivateUser(XXPortalUser gjUser) {
 		if (gjUser != null
-				&& gjUser.getStatus() != XAConstants.ACT_STATUS_DEACTIVATED) {
+				&& gjUser.getStatus() != RangerConstants.ACT_STATUS_DEACTIVATED) {
 			logger.info("Marking user " + gjUser.getLoginId() + " as deleted");
-			gjUser.setStatus(XAConstants.ACT_STATUS_DEACTIVATED);
+			gjUser.setStatus(RangerConstants.ACT_STATUS_DEACTIVATED);
 			gjUser = daoManager.getXXPortalUser().update(gjUser);
 			return mapXXPortalUserVXPortalUser(gjUser);
 		}
@@ -883,7 +883,7 @@ public class UserMgr {
 	}
 
 	public boolean deleteUserRole(Long userId, XXPortalUserRole gjUserRole) {
-		/*if (XAConstants.ROLE_USER.equals(gjUserRole.getUserRole())) {
+		/*if (RangerConstants.ROLE_USER.equals(gjUserRole.getUserRole())) {
 			return false;
 		}*/
 		boolean publicRole = false;
@@ -937,12 +937,12 @@ public class UserMgr {
 		XXPortalUserRole userRoleObj = new XXPortalUserRole();
 		userRoleObj.setUserRole(userRole.toUpperCase());
 		userRoleObj.setUserId(userId);
-		userRoleObj.setStatus(XAConstants.STATUS_ENABLED);
+		userRoleObj.setStatus(RangerConstants.STATUS_ENABLED);
 		daoManager.getXXPortalUserRole().create(userRoleObj);
 
 		// If role is not OTHER, then remove OTHER
-		if (!XAConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) {
-			deleteUserRole(userId, XAConstants.ROLE_OTHER);
+		if (!RangerConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) {
+			deleteUserRole(userId, RangerConstants.ROLE_OTHER);
 		}
 
 		sessionMgr.resetUserSessionForProfiles(ContextUtil
@@ -1024,13 +1024,13 @@ public class UserMgr {
 
 	public VXPortalUser createUser(VXPortalUser userProfile) {
 		XXPortalUser xXPortalUser = this
-				.createUser(userProfile, XACommonEnums.STATUS_ENABLED);
+				.createUser(userProfile, RangerCommonEnums.STATUS_ENABLED);
 		return mapXXPortalUserVXPortalUser(xXPortalUser);
 	}
 
 	public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile) {
 		if(userProfile.getPassword()==null||userProfile.getPassword().trim().isEmpty()){
-			userProfile.setUserSource(XACommonEnums.USER_EXTERNAL);
+			userProfile.setUserSource(RangerCommonEnums.USER_EXTERNAL);
 		}
 		// access control
 		UserSessionBase session = ContextUtil.getCurrentUserSession();
@@ -1056,7 +1056,7 @@ public class UserMgr {
 					xXPortalUser = this.findByEmailAddress(emailAddress);
 					if (xXPortalUser == null) {
 						xXPortalUser = this.createUser(userProfile,
-								XACommonEnums.STATUS_ENABLED);
+								RangerCommonEnums.STATUS_ENABLED);
 					} else {
 						throw restErrorUtil
 								.createRESTException(
@@ -1070,7 +1070,7 @@ public class UserMgr {
 					String randomEmail = GUIDUtil.genGUI();
 					userProfile.setEmailAddress(randomEmail);
 					xXPortalUser = this.createUser(userProfile,
-							XACommonEnums.STATUS_ENABLED);
+							RangerCommonEnums.STATUS_ENABLED);
 				}
 			} else {
 				/*throw restErrorUtil

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/06ca8538/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
index 568da26..6e3bb76 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgrBase.java
@@ -19,9 +19,13 @@
 
  package org.apache.ranger.biz;
 
-import org.apache.ranger.common.*;
-import org.apache.ranger.service.*;
-import org.apache.ranger.view.*;
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXPortalUser;
+import org.apache.ranger.view.VXPortalUserList;
 import org.springframework.beans.factory.annotation.Autowired;
 public class UserMgrBase {
 


Mime
View raw message