ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject incubator-ranger git commit: RANGER-322: renamed RangerResource class and added utility methods
Date Fri, 20 Mar 2015 07:27:34 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/master cf05516bf -> 4bf8a3fae


RANGER-322: renamed RangerResource class and added utility methods


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/4bf8a3fa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/4bf8a3fa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/4bf8a3fa

Branch: refs/heads/master
Commit: 4bf8a3fae805e1175ba62588ea578abb4a9d9880
Parents: cf05516
Author: Madhan Neethiraj <madhan@apache.org>
Authored: Thu Mar 19 23:35:11 2015 -0700
Committer: Madhan Neethiraj <madhan@apache.org>
Committed: Fri Mar 20 00:25:14 2015 -0700

----------------------------------------------------------------------
 .../plugin/audit/RangerDefaultAuditHandler.java |  60 +----
 .../ranger/plugin/policyengine/CacheMap.java    |   2 +
 .../plugin/policyengine/RangerAccessData.java   |  39 ----
 .../policyengine/RangerAccessRequest.java       |   2 +-
 .../policyengine/RangerAccessRequestImpl.java   |  28 +--
 .../policyengine/RangerAccessResource.java      |  44 ++++
 .../policyengine/RangerAccessResourceImpl.java  | 222 +++++++++++++++++++
 .../policyengine/RangerMutableResource.java     |   2 +-
 .../policyengine/RangerPolicyEngineImpl.java    |   8 +-
 .../RangerPolicyEvaluatorFacade.java            |  24 +-
 .../policyengine/RangerPolicyRepository.java    |  43 ++--
 .../plugin/policyengine/RangerResource.java     |  33 ---
 .../plugin/policyengine/RangerResourceImpl.java | 126 -----------
 .../RangerDefaultPolicyEvaluator.java           |   8 +-
 .../policyevaluator/RangerPolicyEvaluator.java  |   6 +-
 .../ranger/plugin/service/RangerBasePlugin.java |   4 +-
 .../plugin/policyengine/TestPolicyEngine.java   |   8 +-
 .../hbase/AuthorizationSession.java             |   4 +-
 .../authorization/hbase/TestPolicyEngine.java   |  12 +-
 .../namenode/RangerFSPermissionChecker.java     |  41 +---
 .../hive/authorizer/RangerHiveAuditHandler.java |   9 +-
 .../hive/authorizer/RangerHiveAuthorizer.java   |   6 +-
 .../hive/authorizer/RangerHiveResource.java     | 125 ++---------
 .../authorization/knox/KnoxRangerPlugin.java    |   4 +-
 .../yarn/authorizer/RangerYarnAuthorizer.java   |  46 +---
 .../apache/ranger/common/RangerSearchUtil.java  |  23 +-
 .../org/apache/ranger/rest/ServiceREST.java     |  24 +-
 .../authorization/storm/StormRangerPlugin.java  |   4 +-
 28 files changed, 420 insertions(+), 537 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
index feb6e98..28796dd 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/audit/RangerDefaultAuditHandler.java
@@ -28,17 +28,14 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.audit.model.AuthzAuditEvent;
 import org.apache.ranger.audit.provider.AuditProviderFactory;
 import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 
 
 public class RangerDefaultAuditHandler implements RangerAuditHandler {
 	private static final Log LOG = LogFactory.getLog(RangerDefaultAuditHandler.class);
 
-	private static final String RESOURCE_SEP = "/";
-
 
 	public RangerDefaultAuditHandler() {
 	}
@@ -84,9 +81,10 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
 		RangerAccessRequest request = result != null ? result.getAccessRequest() : null;
 
 		if(request != null && result != null && result.getIsAudited()) {
-			RangerServiceDef serviceDef   = result.getServiceDef();
-			String           resourceType = getResourceName(request.getResource(), serviceDef);
-			String           resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
+			RangerServiceDef     serviceDef   = result.getServiceDef();
+			RangerAccessResource resource     = request.getResource();
+			String               resourceType = resource == null ? null : resource.getLeafName(serviceDef);
+			String               resourcePath = resource == null ? null : resource.getAsString(serviceDef);
 
 			ret = createAuthzAuditEvent();
 
@@ -180,52 +178,4 @@ public class RangerDefaultAuditHandler implements RangerAuditHandler {
 	public AuthzAuditEvent createAuthzAuditEvent() {
 		return new AuthzAuditEvent();
 	}
-
-	public String getResourceName(RangerResource resource, RangerServiceDef serviceDef) {
-		String ret = null;
-
-		if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
-			List<RangerResourceDef> resourceDefs = serviceDef.getResources();
-
-			for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
-				RangerResourceDef resourceDef = resourceDefs.get(idx);
-
-				if(resourceDef == null || !resource.exists(resourceDef.getName())) {
-					continue;
-				}
-
-				ret = resourceDef.getName();
-
-				break;
-			}
-		}
-		
-		return ret;
-	}
-
-	public String getResourceValueAsString(RangerResource resource, RangerServiceDef serviceDef) {
-		String ret = null;
-
-		if(resource != null && serviceDef != null && serviceDef.getResources() != null) {
-			StringBuilder sb = new StringBuilder();
-
-			for(RangerResourceDef resourceDef : serviceDef.getResources()) {
-				if(resourceDef == null || !resource.exists(resourceDef.getName())) {
-					continue;
-				}
-
-				if(sb.length() > 0) {
-					sb.append(RESOURCE_SEP);
-				}
-
-				sb.append(resource.getValue(resourceDef.getName()));
-			}
-
-			if(sb.length() > 0) {
-				ret = sb.toString();
-			}
-		}
-
-		return ret;
-	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
index 382577e..c5f2fc0 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/CacheMap.java
@@ -22,6 +22,8 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 
 public class CacheMap<K, V> extends LinkedHashMap<K, V> {
+    private static final long serialVersionUID = 1L;
+
     private static final float RANGER_CACHE_DEFAULT_LOAD_FACTOR = 0.75f;
 
     protected int maxCapacity;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java
deleted file mode 100644
index 34f7428..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessData.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-
-public class RangerAccessData<T> {
-    private String accessFDN    = null;
-    private T accessDetails    = null;
-
-    public RangerAccessData(String accessFDN) {
-        this.accessFDN = accessFDN;
-    }
-    public String getAccessFDN() {
-        return accessFDN;
-    }
-    public T getAccessDetails() {
-        return accessDetails;
-    }
-    public void setAccessDetails(T accessDetails) {
-        this.accessDetails = accessDetails;
-    }
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
index 56a55ae..511896e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequest.java
@@ -24,7 +24,7 @@ import java.util.Map;
 import java.util.Set;
 
 public interface RangerAccessRequest {
-	RangerResource getResource();
+	RangerAccessResource getResource();
 
 	String getAccessType();
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
index bc23763..48e5cf8 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessRequestImpl.java
@@ -27,23 +27,23 @@ import java.util.Set;
 
 
 public class RangerAccessRequestImpl implements RangerAccessRequest {
-	private RangerResource      resource        = null;
-	private String              accessType      = null;
-	private String              user            = null;
-	private Set<String>         userGroups      = null;
-	private Date                accessTime      = null;
-	private String              clientIPAddress = null;
-	private String              clientType      = null;
-	private String              action          = null;
-	private String              requestData     = null;
-	private String              sessionId       = null;
-	private Map<String, Object> context         = null;
+	private RangerAccessResource resource        = null;
+	private String               accessType      = null;
+	private String               user            = null;
+	private Set<String>          userGroups      = null;
+	private Date                 accessTime      = null;
+	private String               clientIPAddress = null;
+	private String               clientType      = null;
+	private String               action          = null;
+	private String               requestData     = null;
+	private String               sessionId       = null;
+	private Map<String, Object>  context         = null;
 
 	public RangerAccessRequestImpl() {
 		this(null, null, null, null);
 	}
 
-	public RangerAccessRequestImpl(RangerResource resource, String accessType, String user, Set<String> userGroups) {
+	public RangerAccessRequestImpl(RangerAccessResource resource, String accessType, String user, Set<String> userGroups) {
 		setResource(resource);
 		setAccessType(accessType);
 		setUser(user);
@@ -60,7 +60,7 @@ public class RangerAccessRequestImpl implements RangerAccessRequest {
 	}
 
 	@Override
-	public RangerResource getResource() {
+	public RangerAccessResource getResource() {
 		return resource;
 	}
 
@@ -114,7 +114,7 @@ public class RangerAccessRequestImpl implements RangerAccessRequest {
 		return context;
 	}
 
-	public void setResource(RangerResource resource) {
+	public void setResource(RangerAccessResource resource) {
 		this.resource = resource;
 	}
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
new file mode 100644
index 0000000..82c0248
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResource.java
@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.ranger.plugin.model.RangerServiceDef;
+
+
+public interface RangerAccessResource {
+	public static final String RESOURCE_SEP = "/";
+
+	public abstract String getOwnerUser();
+
+	public abstract boolean exists(String name);
+
+	public abstract String getValue(String name);
+
+	public Set<String> getKeys();
+
+	public String getLeafName(RangerServiceDef serviceDef);
+
+	public String getAsString(RangerServiceDef serviceDef);
+
+	public Map<String, String> getAsMap();
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
new file mode 100644
index 0000000..7c26f90
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerAccessResourceImpl.java
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.plugin.policyengine;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.apache.commons.lang.ObjectUtils;
+import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
+
+
+public class RangerAccessResourceImpl implements RangerMutableResource {
+	private String              ownerUser        = null;
+	private Map<String, String> elements         = null;
+	private String              stringifiedValue = null;
+	private String              leafName         = null;
+
+
+	public RangerAccessResourceImpl() {
+		this(null, null);
+	}
+
+	public RangerAccessResourceImpl(Map<String, String> elements) {
+		this(elements, null);
+	}
+
+	public RangerAccessResourceImpl(Map<String, String> elements, String ownerUser) {
+		this.elements  = elements;
+		this.ownerUser = ownerUser;
+	}
+
+	@Override
+	public String getOwnerUser() {
+		return ownerUser;
+	}
+
+	@Override
+	public boolean exists(String name) {
+		return elements != null && elements.containsKey(name);
+	}
+
+	@Override
+	public String getValue(String name) {
+		String ret = null;
+
+		if(elements != null && elements.containsKey(name)) {
+			ret = elements.get(name);
+		}
+
+		return ret;
+	}
+
+	@Override
+	public Set<String> getKeys() {
+		Set<String> ret = null;
+
+		if(elements != null) {
+			ret = elements.keySet();
+		}
+
+		return ret;
+	}
+
+	@Override
+	public void setOwnerUser(String ownerUser) {
+		this.ownerUser = ownerUser;
+	}
+
+	@Override
+	public void setValue(String name, String value) {
+		if(value == null) {
+			if(elements != null) {
+				elements.remove(name);
+
+				if(elements.isEmpty()) {
+					elements = null;
+				}
+			}
+		} else {
+			if(elements == null) {
+				elements = new HashMap<String, String>();
+			}
+			elements.put(name, value);
+		}
+
+		// reset, so that these will be computed again with updated elements
+		stringifiedValue = leafName = null;
+	}
+
+	@Override
+	public String getLeafName(RangerServiceDef serviceDef) {
+		String ret = leafName;
+
+		if(ret == null) {
+			if(serviceDef != null && serviceDef.getResources() != null) {
+				List<RangerResourceDef> resourceDefs = serviceDef.getResources();
+
+				for(int idx = resourceDefs.size() - 1; idx >= 0; idx--) {
+					RangerResourceDef resourceDef = resourceDefs.get(idx);
+
+					if(resourceDef == null || !exists(resourceDef.getName())) {
+						continue;
+					}
+
+					ret = leafName = resourceDef.getName();
+
+					break;
+				}
+			}
+		}
+
+		return ret;
+	}
+
+	@Override
+	public String getAsString(RangerServiceDef serviceDef) {
+		String ret = stringifiedValue;
+
+		if(ret == null) {
+			if(serviceDef != null && serviceDef.getResources() != null) {
+				StringBuilder sb = new StringBuilder();
+
+				for(RangerResourceDef resourceDef : serviceDef.getResources()) {
+					if(resourceDef == null || !exists(resourceDef.getName())) {
+						continue;
+					}
+
+					if(sb.length() > 0) {
+						sb.append(RESOURCE_SEP);
+					}
+
+					sb.append(getValue(resourceDef.getName()));
+				}
+
+				if(sb.length() > 0) {
+					ret = stringifiedValue = sb.toString();
+				}
+			}
+		}
+
+		return ret;
+	}
+
+	@Override
+	public Map<String, String> getAsMap() {
+		return Collections.unmodifiableMap(elements);
+	}
+
+	@Override
+	public boolean equals(Object obj) {
+		if(obj == null || !(obj instanceof RangerAccessResourceImpl)) {
+			return false;
+		}
+
+		if(this == obj) {
+			return true;
+		}
+
+		RangerAccessResourceImpl other = (RangerAccessResourceImpl) obj;
+
+		return ObjectUtils.equals(ownerUser, other.ownerUser) &&
+			   ObjectUtils.equals(elements, other.elements);
+	}
+
+	@Override
+	public int hashCode() {
+		int ret = 7;
+
+		ret = 31 * ret + ObjectUtils.hashCode(ownerUser);
+		ret = 31 * ret + ObjectUtils.hashCode(elements);
+
+		return ret;
+	}
+
+	@Override
+	public String toString( ) {
+		StringBuilder sb = new StringBuilder();
+
+		toString(sb);
+
+		return sb.toString();
+	}
+
+	public StringBuilder toString(StringBuilder sb) {
+		sb.append("RangerResourceImpl={");
+
+		sb.append("ownerUser={").append(ownerUser).append("} ");
+
+		sb.append("elements={");
+		if(elements != null) {
+			for(Map.Entry<String, String> e : elements.entrySet()) {
+				sb.append(e.getKey()).append("=").append(e.getValue()).append("; ");
+			}
+		}
+		sb.append("} ");
+
+		sb.append("}");
+
+		return sb;
+	}
+}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
index f49bf8c..16ab725 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerMutableResource.java
@@ -20,7 +20,7 @@
 package org.apache.ranger.plugin.policyengine;
 
 
-public interface RangerMutableResource extends RangerResource {
+public interface RangerMutableResource extends RangerAccessResource {
 	void setOwnerUser(String ownerUser);
 
 	void setValue(String type, String value);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
index d590548..7227e9e 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEngineImpl.java
@@ -166,7 +166,8 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
 			List<RangerPolicyEvaluatorFacade> evaluators = policyRepository.getPolicyEvaluators();
 
 			if(evaluators != null) {
-				policyRepository.retrieveAuditEnabled(request, ret);
+				boolean foundInCache = policyRepository.setAuditEnabledFromCache(request, ret);
+
 				for(RangerPolicyEvaluator evaluator : evaluators) {
 					evaluator.evaluate(request, ret);
 
@@ -175,7 +176,10 @@ public class RangerPolicyEngineImpl implements RangerPolicyEngine {
 						break;
 					}
 				}
-				policyRepository.storeAuditEnabled(request, ret);
+
+				if(! foundInCache) {
+					policyRepository.storeAuditEnabledInCache(request, ret);
+				}
 
 			}
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
index b95b053..92dedba 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyEvaluatorFacade.java
@@ -35,11 +35,10 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
 
     RangerDefaultPolicyEvaluator delegate  =   null;
     int computedPolicyEvalOrder            =   0;
-    boolean useCachePolicyEngine         = false;
 
     RangerPolicyEvaluatorFacade(boolean useCachePolicyEngine) {
         super();
-        this.useCachePolicyEngine = useCachePolicyEngine;
+
         delegate = new RangerOptimizedPolicyEvaluator();
     }
 
@@ -50,12 +49,15 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
     @Override
     public void init(RangerPolicy policy, RangerServiceDef serviceDef) {
         if(LOG.isDebugEnabled()) {
-            LOG.debug("==> RangerPolicyEvaluatorFacade.init(), useCachePolicyEngine:" + useCachePolicyEngine);
+            LOG.debug("==> RangerPolicyEvaluatorFacade.init()");
         }
+
         delegate.init(policy, serviceDef);
+
         computedPolicyEvalOrder = computePolicyEvalOrder();
+
         if(LOG.isDebugEnabled()) {
-            LOG.debug("<== RangerPolicyEvaluatorFacade.init(), useCachePolicyEngine:" + useCachePolicyEngine);
+            LOG.debug("<== RangerPolicyEvaluatorFacade.init()");
         }
     }
 
@@ -75,12 +77,12 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
     }
 
     @Override
-    public boolean isMatch(RangerResource resource) {
+    public boolean isMatch(RangerAccessResource resource) {
         return false;
     }
 
     @Override
-    public boolean isSingleAndExactMatch(RangerResource resource) {
+    public boolean isSingleAndExactMatch(RangerAccessResource resource) {
         return false;
     }
 
@@ -89,21 +91,21 @@ public class RangerPolicyEvaluatorFacade implements RangerPolicyEvaluator, Compa
         if(LOG.isDebugEnabled()) {
             LOG.debug("==> RangerPolicyEvaluatorFacade.compareTo()");
         }
+
         int result;
 
         if (this.getComputedPolicyEvalOrder() == other.getComputedPolicyEvalOrder()) {
-            Map<String, RangerConditionEvaluator> myConditionEvaluators = this.delegate.getConditionEvaluators();
+            Map<String, RangerConditionEvaluator> myConditionEvaluators    = this.delegate.getConditionEvaluators();
             Map<String, RangerConditionEvaluator> otherConditionEvaluators = other.delegate.getConditionEvaluators();
 
-            int myConditionEvaluatorCount = myConditionEvaluators == null ? 0 : myConditionEvaluators.size();
+            int myConditionEvaluatorCount    = myConditionEvaluators == null ? 0 : myConditionEvaluators.size();
             int otherConditionEvaluatorCount = otherConditionEvaluators == null ? 0 : otherConditionEvaluators.size();
 
             result = Integer.compare(myConditionEvaluatorCount, otherConditionEvaluatorCount);
         } else {
-            int myComputedPriority = this.getComputedPolicyEvalOrder();
-            int otherComputedPriority = other.getComputedPolicyEvalOrder();
-            result = Integer.compare(myComputedPriority, otherComputedPriority);
+            result = Integer.compare(computedPolicyEvalOrder, other.computedPolicyEvalOrder);
         }
+
         if(LOG.isDebugEnabled()) {
             LOG.debug("<== RangerPolicyEvaluatorFacade.compareTo(), result:" + result);
         }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
index ff55990..4ed11c1 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerPolicyRepository.java
@@ -43,7 +43,7 @@ public class RangerPolicyRepository {
     private RangerServiceDef serviceDef                         = null;
     // Not used at this time
     private boolean useCachePolicyEngine                                = false;
-    private Map<String, RangerAccessData<Boolean>> accessAuditCache     = null;
+    private Map<String, Boolean> accessAuditCache     = null;
 
     private static int RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE = 64*1024;
 
@@ -65,7 +65,6 @@ public class RangerPolicyRepository {
     }
 
     void init(RangerServiceDef serviceDef, List<RangerPolicy> policies) {
-
         if(LOG.isDebugEnabled()) {
             LOG.debug("==> RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
         }
@@ -105,7 +104,7 @@ public class RangerPolicyRepository {
 
         int auditResultCacheSize = RangerConfiguration.getInstance().getInt(propertyName, RANGER_POLICYENGINE_AUDITRESULT_CACHE_SIZE);
 
-        accessAuditCache = new CacheMap<String, RangerAccessData<Boolean>>(auditResultCacheSize);
+        accessAuditCache = new CacheMap<String, Boolean>(auditResultCacheSize);
 
         if(LOG.isDebugEnabled()) {
             LOG.debug("<== RangerPolicyRepository.init(" + serviceDef + ", policies.count=" + (policies == null ? 0 : policies.size()) + ")");
@@ -159,33 +158,45 @@ public class RangerPolicyRepository {
         return ret;
     }
 
-    synchronized void retrieveAuditEnabled(RangerAccessRequest request, RangerAccessResult ret) {
+    boolean setAuditEnabledFromCache(RangerAccessRequest request, RangerAccessResult result) {
         if (LOG.isDebugEnabled()) {
-            LOG.debug("==> RangerPolicyRepository.retrieveAuditEnabled()");
+            LOG.debug("==> RangerPolicyRepository.setAuditEnabledFromCache()");
         }
-        RangerAccessData<Boolean> value = accessAuditCache.get(request.getResource().toString());
+
+        Boolean value = null;
+
+        synchronized (accessAuditCache) {
+	        value = accessAuditCache.get(request.getResource().getAsString(getServiceDef()));
+        }
+
         if ((value != null)) {
-            ret.setIsAudited(value.getAccessDetails());
+            result.setIsAudited(value);
         }
 
         if (LOG.isDebugEnabled()) {
-            LOG.debug("<== RangerPolicyRepository.retrieveAuditEnabled()");
+            LOG.debug("<== RangerPolicyRepository.setAuditEnabledFromCache()");
         }
+
+        return value != null;
     }
 
-    synchronized void storeAuditEnabled(RangerAccessRequest request, RangerAccessResult ret) {
+     void storeAuditEnabledInCache(RangerAccessRequest request, RangerAccessResult ret) {
         if (LOG.isDebugEnabled()) {
-            LOG.debug("==> RangerPolicyRepository.storeAuditEnabled()");
+            LOG.debug("==> RangerPolicyRepository.storeAuditEnabledInCache()");
         }
-        RangerAccessData<Boolean> lookup = accessAuditCache.get(request.getResource().toString());
-        if ((lookup == null && ret.getIsAuditedDetermined() == true)) {
-            RangerAccessData<Boolean> value = new RangerAccessData<Boolean>(request.toString());
-            value.setAccessDetails(ret.getIsAudited());
-            accessAuditCache.put(request.getResource().toString(), value);
+
+        if ((ret.getIsAuditedDetermined() == true)) {
+            String strResource = request.getResource().getAsString(getServiceDef());
+
+            Boolean value = ret.getIsAudited() ? Boolean.TRUE : Boolean.FALSE;
+
+            synchronized(accessAuditCache) {
+	            accessAuditCache.put(strResource, value);
+	        }
         }
 
         if (LOG.isDebugEnabled()) {
-            LOG.debug("<== RangerPolicyRepository.storeAuditEnabled()");
+            LOG.debug("<== RangerPolicyRepository.storeAuditEnabledInCache()");
         }
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
deleted file mode 100644
index 6941bc3..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResource.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.Set;
-
-
-public interface RangerResource {
-	public abstract String getOwnerUser();
-
-	public abstract boolean exists(String name);
-
-	public abstract String getValue(String name);
-
-	public Set<String> getKeys();
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
deleted file mode 100644
index da82cc3..0000000
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyengine/RangerResourceImpl.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.ranger.plugin.policyengine;
-
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-
-public class RangerResourceImpl implements RangerMutableResource {
-	private String              ownerUser = null;
-	private Map<String, String> elements  = null;
-
-
-	public RangerResourceImpl() {
-		this(null, null);
-	}
-
-	public RangerResourceImpl(Map<String, String> elements) {
-		this(elements, null);
-	}
-
-	public RangerResourceImpl(Map<String, String> elements, String ownerUser) {
-		this.elements  = elements;
-		this.ownerUser = ownerUser;
-	}
-
-	@Override
-	public String getOwnerUser() {
-		return ownerUser;
-	}
-
-	@Override
-	public boolean exists(String name) {
-		return elements != null && elements.containsKey(name);
-	}
-
-	@Override
-	public String getValue(String name) {
-		String ret = null;
-
-		if(elements != null && elements.containsKey(name)) {
-			ret = elements.get(name);
-		}
-
-		return ret;
-	}
-
-	@Override
-	public Set<String> getKeys() {
-		Set<String> ret = null;
-
-		if(elements != null) {
-			ret = elements.keySet();
-		}
-
-		return ret;
-	}
-
-	@Override
-	public void setOwnerUser(String ownerUser) {
-		this.ownerUser = ownerUser;
-	}
-
-	@Override
-	public void setValue(String name, String value) {
-		if(value == null) {
-			if(elements != null) {
-				elements.remove(name);
-
-				if(elements.isEmpty()) {
-					elements = null;
-				}
-			}
-		} else {
-			if(elements == null) {
-				elements = new HashMap<String, String>();
-			}
-			elements.put(name, value);
-		}
-	}
-
-	@Override
-	public String toString( ) {
-		StringBuilder sb = new StringBuilder();
-
-		toString(sb);
-
-		return sb.toString();
-	}
-
-	public StringBuilder toString(StringBuilder sb) {
-		sb.append("RangerResourceImpl={");
-
-		sb.append("ownerUser={").append(ownerUser).append("} ");
-
-		sb.append("elements={");
-		if(elements != null) {
-			for(Map.Entry<String, String> e : elements.entrySet()) {
-				sb.append(e.getKey()).append("=").append(e.getValue()).append("; ");
-			}
-		}
-		sb.append("} ");
-
-		sb.append("}");
-
-		return sb;
-	}
-}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index b264664..d5332b2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
@@ -37,7 +37,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 import org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher;
 import org.apache.ranger.plugin.resourcematcher.RangerResourceMatcher;
 
@@ -324,7 +324,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
     }
 
 	@Override
-	public boolean isMatch(RangerResource resource) {
+	public boolean isMatch(RangerAccessResource resource) {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerDefaultPolicyEvaluator.isMatch(" + resource + ")");
 		}
@@ -370,7 +370,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
 		return ret;
 	}
 
-	public boolean isSingleAndExactMatch(RangerResource resource) {
+	public boolean isSingleAndExactMatch(RangerAccessResource resource) {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerDefaultPolicyEvaluator.isSingleAndExactMatch(" + resource + ")");
 		}
@@ -415,7 +415,7 @@ public class RangerDefaultPolicyEvaluator extends RangerAbstractPolicyEvaluator
 		return ret;
 	}
 
-	protected boolean matchResourceHead(RangerResource resource) {
+	protected boolean matchResourceHead(RangerAccessResource resource) {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> RangerDefaultPolicyEvaluator.matchResourceHead(" + resource + ")");
 		}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
index cfe53a8..35164b2 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerPolicyEvaluator.java
@@ -24,7 +24,7 @@ import org.apache.ranger.plugin.model.RangerPolicy;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
 
 public interface RangerPolicyEvaluator {
 	void init(RangerPolicy policy, RangerServiceDef serviceDef);
@@ -35,7 +35,7 @@ public interface RangerPolicyEvaluator {
 
 	void evaluate(RangerAccessRequest request, RangerAccessResult result);
 
-	boolean isMatch(RangerResource resource);
+	boolean isMatch(RangerAccessResource resource);
 
-	boolean isSingleAndExactMatch(RangerResource resource);
+	boolean isSingleAndExactMatch(RangerAccessResource resource);
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
----------------------------------------------------------------------
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
index 33060e4..b1a1b16 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/service/RangerBasePlugin.java
@@ -37,7 +37,7 @@ import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngineImpl;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.util.GrantRevokeRequest;
 import org.apache.ranger.plugin.util.PolicyRefresher;
 
@@ -328,7 +328,7 @@ public class RangerBasePlugin {
 		if(request != null && auditHandler != null && policyEngine != null) {
 			RangerAccessRequestImpl accessRequest = new RangerAccessRequestImpl();
 	
-			accessRequest.setResource(new RangerResourceImpl(request.getResource()));
+			accessRequest.setResource(new RangerAccessResourceImpl(request.getResource()));
 			accessRequest.setUser(request.getGrantor());
 			accessRequest.setAccessType(RangerPolicyEngine.ADMIN_ACCESS);
 			accessRequest.setAction(action);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
index f940c30..b4175e2 100644
--- a/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
+++ b/agents-common/src/test/java/org/apache/ranger/plugin/policyengine/TestPolicyEngine.java
@@ -52,7 +52,7 @@ public class TestPolicyEngine {
 		gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
 									   .setPrettyPrinting()
 									   .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
-									   .registerTypeAdapter(RangerResource.class,  new RangerResourceDeserializer())
+									   .registerTypeAdapter(RangerAccessResource.class,  new RangerResourceDeserializer())
 									   .create();
 	}
 
@@ -134,11 +134,11 @@ public class TestPolicyEngine {
 		}
 	}
 	
-	static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
+	static class RangerResourceDeserializer implements JsonDeserializer<RangerAccessResource> {
 		@Override
-		public RangerResource deserialize(JsonElement jsonObj, Type type,
+		public RangerAccessResource deserialize(JsonElement jsonObj, Type type,
 				JsonDeserializationContext context) throws JsonParseException {
-			return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
+			return gsonBuilder.fromJson(jsonObj, RangerAccessResourceImpl.class);
 		}
 	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
index bf3048e..3513bcb 100644
--- a/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
+++ b/hbase-agent/src/main/java/org/apache/ranger/authorization/hbase/AuthorizationSession.java
@@ -30,7 +30,7 @@ import org.apache.ranger.audit.model.AuthzAuditEvent;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 
 import com.google.common.base.Objects;
@@ -156,7 +156,7 @@ public class AuthorizationSession {
 		// session can be reused so reset its state
 		zapAuthorizationState();
 		// TODO get this via a factory instead
-		RangerResourceImpl resource = new RangerResourceImpl();
+		RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
 		// policy engine should deal sensibly with null/empty values, if any
 		resource.setValue("table", _table);
 		resource.setValue("column-family", _columnFamily);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
----------------------------------------------------------------------
diff --git a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
index 9ed627d..59e79d0 100644
--- a/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
+++ b/hbase-agent/src/test/java/org/apache/ranger/authorization/hbase/TestPolicyEngine.java
@@ -36,8 +36,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
@@ -62,7 +62,7 @@ public class TestPolicyEngine {
 		gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z")
 									   .setPrettyPrinting()
 									   .registerTypeAdapter(RangerAccessRequest.class, new RangerAccessRequestDeserializer())
-									   .registerTypeAdapter(RangerResource.class,  new RangerResourceDeserializer())
+									   .registerTypeAdapter(RangerAccessResource.class,  new RangerResourceDeserializer())
 									   .create();
 	}
 
@@ -165,11 +165,11 @@ public class TestPolicyEngine {
 		}
 	}
 	
-	static class RangerResourceDeserializer implements JsonDeserializer<RangerResource> {
+	static class RangerResourceDeserializer implements JsonDeserializer<RangerAccessResource> {
 		@Override
-		public RangerResource deserialize(JsonElement jsonObj, Type type,
+		public RangerAccessResource deserialize(JsonElement jsonObj, Type type,
 				JsonDeserializationContext context) throws JsonParseException {
-			return gsonBuilder.fromJson(jsonObj, RangerResourceImpl.class);
+			return gsonBuilder.fromJson(jsonObj, RangerAccessResourceImpl.class);
 		}
 	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
----------------------------------------------------------------------
diff --git a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
index adf2680..592e77f 100644
--- a/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
+++ b/hdfs-agent/src/main/java/org/apache/hadoop/hdfs/server/namenode/RangerFSPermissionChecker.java
@@ -42,7 +42,8 @@ import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 
 import com.google.common.collect.Sets;
@@ -216,40 +217,13 @@ class RangerHdfsPlugin extends RangerBasePlugin {
 	}
 }
 
-class RangerHdfsResource implements RangerResource {
+class RangerHdfsResource extends RangerAccessResourceImpl {
 	private static final String KEY_PATH = "path";
 
-	private static final Set<String> KEYS_PATH = Sets.newHashSet(KEY_PATH);
-
-	private String path  = null;
-	private String owner = null;
 
 	public RangerHdfsResource(String path, String owner) {
-		this.path  = path;
-		this.owner = owner;
-	}
-
-	@Override
-	public String getOwnerUser() {
-		return owner;
-	}
-
-	@Override
-	public boolean exists(String name) {
-		return StringUtils.equalsIgnoreCase(name, KEY_PATH);
-	}
-
-	@Override
-	public String getValue(String name) {
-		if(StringUtils.equalsIgnoreCase(name, KEY_PATH)) {
-			return path;
-		}
-
-		return null;
-	}
-
-	public Set<String> getKeys() {
-		return KEYS_PATH;
+		super.setValue(KEY_PATH, path);
+		super.setOwnerUser(owner);
 	}
 }
 
@@ -313,8 +287,9 @@ class RangerHdfsAuditHandler extends RangerDefaultAuditHandler {
 
 		RangerAccessRequest request      = result.getAccessRequest();
 		RangerServiceDef    serviceDef   = result.getServiceDef();
-		String              resourceType = getResourceName(request.getResource(), serviceDef);
-		String              resourcePath = getResourceValueAsString(request.getResource(), serviceDef);
+		RangerAccessResource      resource     = request.getResource();
+		String              resourceType = resource != null ? resource.getLeafName(serviceDef) : null;
+		String              resourcePath = resource != null ? resource.getAsString(serviceDef) : null;
 
 		auditEvent.setUser(request.getUser());
 		auditEvent.setResourcePath(pathToBeValidated);

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
index ac8113b..7110861 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuditHandler.java
@@ -66,7 +66,7 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
 		auditEvent.setRepositoryType(result.getServiceType());
 		auditEvent.setRepositoryName(result.getServiceName()) ;
 		auditEvent.setRequestData(request.getRequestData());
-		auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+		auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
 
 		addAuthzAuditEvent(auditEvent);
 	}
@@ -106,15 +106,16 @@ public class RangerHiveAuditHandler extends RangerDefaultAuditHandler {
 				auditEvent.setRepositoryType(result.getServiceType());
 				auditEvent.setRepositoryName(result.getServiceName()) ;
 				auditEvent.setRequestData(request.getRequestData());
-				auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+
+				auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
 			} else if(result.getIsAllowed()){
 				auditEvent.setResourcePath(auditEvent.getResourcePath() + "," + resource.getColumn());
 			} else {
-				auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+				auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
 			}
 			
 			if(!result.getIsAllowed()) {
-				auditEvent.setResourcePath(getResourceValueAsString(resource, result.getServiceDef()));
+				auditEvent.setResourcePath(resource != null ? resource.getAsString(result.getServiceDef()) : null);
 
 				break;
 			}

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index cc56bb9..72e6652 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -299,7 +299,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 	            			continue;
 	            		}
 
-	            		RangerHiveResource colResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTableOrUdf(), column);
+	                	RangerHiveResource colResource = new RangerHiveResource(HiveObjectType.COLUMN, resource.getDatabase(), resource.getTable(), column);
 
 	            		RangerHiveAccessRequest colRequest = request.copy();
 	            		colRequest.setResource(colResource);
@@ -323,7 +323,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 	            }
 
 				if(result != null && !result.getIsAllowed()) {
-					String path = auditHandler.getResourceValueAsString(request.getResource(), result.getServiceDef());
+					String path = resource != null ? resource.getAsString(result.getServiceDef()) : null;
 	
 					throw new HiveAccessControlException(String.format("Permission denied: user [%s] does not have [%s] privilege on [%s]",
 														 user, request.getHiveAccessType().name(), path));
@@ -710,7 +710,7 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 		ret.setReplaceExistingPermissions(Boolean.FALSE);
 
 		String database = StringUtils.isEmpty(resource.getDatabase()) ? "*" : resource.getDatabase();
-		String table    = StringUtils.isEmpty(resource.getTableOrUdf()) ? "*" : resource.getTableOrUdf();
+		String table    = StringUtils.isEmpty(resource.getTable()) ? "*" : resource.getTable();
 		String column   = StringUtils.isEmpty(resource.getColumn()) ? "*" : resource.getColumn();
 
 		Map<String, String> mapResource = new HashMap<String, String>();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
----------------------------------------------------------------------
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
index d49bd66..a29acea 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveResource.java
@@ -19,32 +19,18 @@
 
 package org.apache.ranger.authorization.hive.authorizer;
 
-import java.util.Set;
 
-import org.apache.commons.lang.ObjectUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 
-import com.google.common.collect.Sets;
 
 
-public class RangerHiveResource implements RangerResource {
+public class RangerHiveResource extends RangerAccessResourceImpl {
 	public static final String KEY_DATABASE = "database";
 	public static final String KEY_TABLE    = "table";
 	public static final String KEY_UDF      = "udf";
 	public static final String KEY_COLUMN   = "column";
 
-	public static final Set<String> KEYS_DATABASE = Sets.newHashSet(KEY_DATABASE);
-	public static final Set<String> KEYS_TABLE    = Sets.newHashSet(KEY_DATABASE, KEY_TABLE);
-	public static final Set<String> KEYS_UDF      = Sets.newHashSet(KEY_DATABASE, KEY_UDF);
-	public static final Set<String> KEYS_COLUMN   = Sets.newHashSet(KEY_DATABASE, KEY_TABLE, KEY_COLUMN);
-
 	private HiveObjectType objectType = null;
-	private String         database   = null;
-	private String         tableOrUdf = null;
-	private String         column     = null;
-	private Set<String>    keys       = null;
-
 
 	public RangerHiveResource(HiveObjectType objectType, String database) {
 		this(objectType, database, null, null);
@@ -56,130 +42,55 @@ public class RangerHiveResource implements RangerResource {
 	
 	public RangerHiveResource(HiveObjectType objectType, String database, String tableOrUdf, String column) {
 		this.objectType = objectType;
-		this.database   = database;
-		this.tableOrUdf = tableOrUdf;
-		this.column     = column;
 
 		switch(objectType) {
 			case DATABASE:
-				keys = KEYS_DATABASE;
+				setValue(KEY_DATABASE, database);
 			break;
 	
 			case FUNCTION:
-				keys = KEYS_UDF;
+				setValue(KEY_DATABASE, database);
+				setValue(KEY_UDF, tableOrUdf);
 			break;
 
 			case COLUMN:
-				keys = KEYS_COLUMN;
+				setValue(KEY_DATABASE, database);
+				setValue(KEY_TABLE, tableOrUdf);
+				setValue(KEY_COLUMN, column);
 			break;
 
 			case TABLE:
 			case VIEW:
 			case INDEX:
 			case PARTITION:
-				keys = KEYS_TABLE;
+				setValue(KEY_DATABASE, database);
+				setValue(KEY_TABLE, tableOrUdf);
 			break;
 
 			case NONE:
 			case URI:
 			default:
-				keys = null;
 			break;
 		}
 	}
 
-	@Override
-	public String getOwnerUser() {
-		return null; // no owner information available
-	}
-
-	@Override
-	public boolean exists(String name) {
-		return !StringUtils.isEmpty(getValue(name));
-	}
-
-	@Override
-	public String getValue(String name) {
-		if(StringUtils.equalsIgnoreCase(name, KEY_DATABASE)) {
-			return database;
-		} else if(objectType == HiveObjectType.FUNCTION) {
-			if(StringUtils.equalsIgnoreCase(name, KEY_UDF)) {
-				return tableOrUdf;
-			}
-		} else if(StringUtils.equalsIgnoreCase(name, KEY_TABLE)) {
-			return tableOrUdf;
-		} else  if(StringUtils.equalsIgnoreCase(name, KEY_COLUMN)) {
-			return column;
-		}
-
-		return null;
-	}
-
-	public Set<String> getKeys() {
-		return keys;
-	}
-
-	@Override
-	public boolean equals(Object obj) {
-		if(obj == null || !(obj instanceof RangerHiveResource)) {
-			return false;
-		}
-
-		if(this == obj) {
-			return true;
-		}
-
-		RangerHiveResource other = (RangerHiveResource) obj;
-
-		return ObjectUtils.equals(objectType, other.objectType) &&
-			   ObjectUtils.equals(database, other.database) &&
-			   ObjectUtils.equals(tableOrUdf, other.tableOrUdf) &&
-			   ObjectUtils.equals(column, other.column);
-	}
-
-	@Override
-	public int hashCode() {
-		int ret = 7;
-
-		ret = 31 * ret + ObjectUtils.hashCode(objectType);
-		ret = 31 * ret + ObjectUtils.hashCode(database);
-		ret = 31 * ret + ObjectUtils.hashCode(tableOrUdf);
-		ret = 31 * ret + ObjectUtils.hashCode(column);
-
-		return ret;
-	}
-
-	@Override
-	public String toString() {
-		StringBuilder sb = new StringBuilder();
-
-		toString(sb);
-
-		return sb.toString();
-	}
-
-	public StringBuilder toString(StringBuilder sb) {
-		sb.append("objectType={").append(objectType).append("} ");
-		sb.append("database={").append(database).append("} ");
-		sb.append("tableOrUdf={").append(tableOrUdf).append("} ");
-		sb.append("column={").append(column).append("} ");
-		
-		return sb;
-	}
-
 	public HiveObjectType getObjectType() {
 		return objectType;
 	}
 
 	public String getDatabase() {
-		return database;
+		return getValue(KEY_DATABASE);
+	}
+
+	public String getTable() {
+		return getValue(KEY_TABLE);
 	}
 
-	public String getTableOrUdf() {
-		return tableOrUdf;
+	public String getUdf() {
+		return getValue(KEY_UDF);
 	}
 
 	public String getColumn() {
-		return column;
+		return getValue(KEY_COLUMN);
 	}
 }

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
----------------------------------------------------------------------
diff --git a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
index 354d2f0..643450c 100644
--- a/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
+++ b/knox-agent/src/main/java/org/apache/ranger/authorization/knox/KnoxRangerPlugin.java
@@ -27,7 +27,7 @@ import org.apache.ranger.authorization.knox.KnoxRangerPlugin.KnoxConstants.Resou
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 
 public class KnoxRangerPlugin extends RangerBasePlugin {
@@ -85,7 +85,7 @@ public class KnoxRangerPlugin extends RangerBasePlugin {
 		
 		RangerAccessRequest build() {
 			// build resource
-			RangerResourceImpl resource = new RangerResourceImpl();
+			RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
 			resource.setValue(ResourceName.Service, _service);
 			resource.setValue(ResourceName.Topology, _topology);
 			// build request

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
index cc82c81..ff20097 100644
--- a/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
+++ b/plugin-yarn/src/main/java/org/apache/ranger/authorization/yarn/authorizer/RangerYarnAuthorizer.java
@@ -22,15 +22,12 @@ package org.apache.ranger.authorization.yarn.authorizer;
 
 import java.net.InetAddress;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections.MapUtils;
-import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.hadoop.conf.Configuration;
@@ -43,7 +40,7 @@ import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
 import org.apache.ranger.plugin.policyengine.RangerAccessResult;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 import org.apache.ranger.plugin.util.GrantRevokeRequest;
 
@@ -155,7 +152,7 @@ public class RangerYarnAuthorizer extends YarnAuthorizationProvider {
 			RangerYarnResource resource = new RangerYarnResource(entity);
 
 			GrantRevokeRequest request = new GrantRevokeRequest();
-			request.setResource(resource.getResourceAsMap());
+			request.setResource(resource.getAsMap());
 			request.setGrantor(ugi.getShortUserName());
 			request.setDelegateAdmin(Boolean.FALSE);
 			request.setEnableAudit(Boolean.TRUE);
@@ -249,44 +246,11 @@ class RangerYarnPlugin extends RangerBasePlugin {
 	}
 }
 
-class RangerYarnResource implements RangerResource {
-	private static final String      KEY_QUEUE  = "queue";
-	private static final Set<String> KEYS_QUEUE = Sets.newHashSet(KEY_QUEUE);
-
-	private String queue = null;
+class RangerYarnResource extends RangerAccessResourceImpl {
+	private static final String KEY_QUEUE = "queue";
 
 	public RangerYarnResource(PrivilegedEntity entity) {
-		this.queue = entity != null ? entity.getName() : null;
-	}
-
-	@Override
-	public String getOwnerUser() {
-		return null;
-	}
-
-	@Override
-	public boolean exists(String name) {
-		return !StringUtils.isEmpty(queue) && StringUtils.equals(name, KEY_QUEUE);
-	}
-
-	@Override
-	public String getValue(String name) {
-		return StringUtils.equals(name, KEY_QUEUE) ? queue : null;
-	}
-
-	@Override
-	public Set<String> getKeys() {
-		return StringUtils.isEmpty(queue) ? Collections.<String>emptySet() : KEYS_QUEUE;
-	}
-
-	public Map<String, String> getResourceAsMap() {
-		Map<String, String> ret = new HashMap<String, String>();
-
-		if(!StringUtils.isEmpty(queue)) {
-			ret.put(KEY_QUEUE, queue);
-		}
-
-		return ret;
+		setValue(KEY_QUEUE, entity != null ? entity.getName() : null);
 	}
 }
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index e5ad26c..192734e 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -22,7 +22,6 @@
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
-import java.util.Map;
 
 import javax.persistence.EntityManager;
 import javax.persistence.Query;
@@ -64,13 +63,11 @@ public class RangerSearchUtil extends SearchUtil {
 	private StringBuilder buildWhereClause(SearchFilter searchCriteria, List<SearchField> searchFields) {
 		return buildWhereClause(searchCriteria, searchFields, false, false);
 	}
-	
+
 	private StringBuilder buildWhereClause(SearchFilter searchCriteria,
 			List<SearchField> searchFields, boolean isNativeQuery,
 			boolean excludeWhereKeyword) {
 
-		Map<String, String> paramList = searchCriteria.getParams();
-
 		StringBuilder whereClause = new StringBuilder(excludeWhereKeyword ? "" : "WHERE 1 = 1 ");
 
 		List<String> joinTableList = new ArrayList<String>();
@@ -83,7 +80,7 @@ public class RangerSearchUtil extends SearchUtil {
 			}
 
 			if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
-				Integer paramVal = restErrorUtil.parseInt(paramList.get(searchField.getClientFieldName()),
+				Integer paramVal = restErrorUtil.parseInt(searchCriteria.getParam(searchField.getClientFieldName()),
 						"Invalid value for " + searchField.getClientFieldName(),
 						MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
 				
@@ -99,7 +96,7 @@ public class RangerSearchUtil extends SearchUtil {
 					}
 				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) {
-				String strFieldValue = paramList.get(searchField.getClientFieldName());
+				String strFieldValue = searchCriteria.getParam(searchField.getClientFieldName());
 				if (strFieldValue != null) {
 					if (searchField.getCustomCondition() == null) {
 						whereClause.append(" and ").append("LOWER(").append(searchField.getFieldName()).append(")");
@@ -113,7 +110,7 @@ public class RangerSearchUtil extends SearchUtil {
 					}
 				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) {
-				Boolean boolFieldValue = restErrorUtil.parseBoolean(paramList.get(searchField.getClientFieldName()),
+				Boolean boolFieldValue = restErrorUtil.parseBoolean(searchCriteria.getParam(searchField.getClientFieldName()),
 						"Invalid value for " + searchField.getClientFieldName(),
 						MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
 				
@@ -128,7 +125,7 @@ public class RangerSearchUtil extends SearchUtil {
 					}
 				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) {
-				Date fieldValue = restErrorUtil.parseDate(paramList.get(searchField.getClientFieldName()), 
+				Date fieldValue = restErrorUtil.parseDate(searchCriteria.getParam(searchField.getClientFieldName()), 
 						"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, 
 						null, searchField.getClientFieldName(), null);
 				if (fieldValue != null) {
@@ -168,12 +165,10 @@ public class RangerSearchUtil extends SearchUtil {
 	
 	protected void resolveQueryParams(Query query, SearchFilter searchCriteria, List<SearchField> searchFields) {
 
-		Map<String, String> paramList = searchCriteria.getParams();
-
 		for (SearchField searchField : searchFields) {
 
 			if (searchField.getDataType() == SearchField.DATA_TYPE.INTEGER) {
-				Integer paramVal = restErrorUtil.parseInt(paramList.get(searchField.getClientFieldName()),
+				Integer paramVal = restErrorUtil.parseInt(searchCriteria.getParam(searchField.getClientFieldName()),
 						"Invalid value for " + searchField.getClientFieldName(),
 						MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
 				
@@ -182,7 +177,7 @@ public class RangerSearchUtil extends SearchUtil {
 					query.setParameter(searchField.getClientFieldName(), intFieldValue);
 				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.STRING) {
-				String strFieldValue = paramList.get(searchField.getClientFieldName());
+				String strFieldValue = searchCriteria.getParam(searchField.getClientFieldName());
 				if (strFieldValue != null) {
 					if (searchField.getSearchType() == SearchField.SEARCH_TYPE.FULL) {
 						query.setParameter(searchField.getClientFieldName(), strFieldValue.trim().toLowerCase());
@@ -191,7 +186,7 @@ public class RangerSearchUtil extends SearchUtil {
 					}
 				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.BOOLEAN) {
-				Boolean boolFieldValue = restErrorUtil.parseBoolean(paramList.get(searchField.getClientFieldName()),
+				Boolean boolFieldValue = restErrorUtil.parseBoolean(searchCriteria.getParam(searchField.getClientFieldName()),
 						"Invalid value for " + searchField.getClientFieldName(),
 						MessageEnums.INVALID_INPUT_DATA, null, searchField.getClientFieldName());
 				
@@ -199,7 +194,7 @@ public class RangerSearchUtil extends SearchUtil {
 					query.setParameter(searchField.getClientFieldName(), boolFieldValue);
 				}
 			} else if (searchField.getDataType() == SearchField.DATA_TYPE.DATE) {
-				Date fieldValue = restErrorUtil.parseDate(paramList.get(searchField.getClientFieldName()), 
+				Date fieldValue = restErrorUtil.parseDate(searchCriteria.getParam(searchField.getClientFieldName()), 
 						"Invalid value for " + searchField.getClientFieldName(), MessageEnums.INVALID_INPUT_DATA, 
 						null, searchField.getClientFieldName(), null);
 				if (fieldValue != null) {

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 617a084..ec64e89 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -64,8 +64,8 @@ import org.apache.ranger.plugin.model.validation.RangerValidator.Action;
 import org.apache.ranger.plugin.model.RangerService;
 import org.apache.ranger.plugin.model.RangerServiceDef;
 import org.apache.ranger.plugin.policyengine.RangerPolicyEngine;
-import org.apache.ranger.plugin.policyengine.RangerResource;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResource;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.policyevaluator.RangerDefaultPolicyEvaluator;
 import org.apache.ranger.plugin.policyevaluator.RangerPolicyEvaluator;
 import org.apache.ranger.plugin.service.ResourceLookupContext;
@@ -533,9 +533,9 @@ public class ServiceREST {
 		if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
 
 			try {
-				String         userName   = grantRequest.getGrantor();
-				Set<String>    userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger database
-				RangerResource resource   = new RangerResourceImpl(grantRequest.getResource());
+				String               userName   = grantRequest.getGrantor();
+				Set<String>          userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger database
+				RangerAccessResource resource   = new RangerAccessResourceImpl(grantRequest.getResource());
 	
 				boolean isAdmin = isAdminForResource(userName, userGroups, serviceName, resource);
 	
@@ -714,9 +714,9 @@ public class ServiceREST {
 		if (serviceUtil.isValidateHttpsAuthentication(serviceName,request)) {
 
 			try {
-				String         userName   = revokeRequest.getGrantor();
-				Set<String>    userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger databas
-				RangerResource resource   = new RangerResourceImpl(revokeRequest.getResource());
+				String               userName   = revokeRequest.getGrantor();
+				Set<String>          userGroups = Collections.<String>emptySet(); // TODO: get groups for the grantor from Ranger databas
+				RangerAccessResource resource   = new RangerAccessResourceImpl(revokeRequest.getResource());
 	
 				boolean isAdmin = isAdminForResource(userName, userGroups, serviceName, resource);
 				
@@ -1120,7 +1120,7 @@ public class ServiceREST {
 		}
 	}
 
-	private boolean isAdminForResource(String userName, Set<String> userGroups, String serviceName, RangerResource resource) throws Exception {
+	private boolean isAdminForResource(String userName, Set<String> userGroups, String serviceName, RangerAccessResource resource) throws Exception {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> ServiceREST.isAdminForResource(" + userName + ", " + serviceName + ", " + resource + ")");
 		}
@@ -1165,7 +1165,7 @@ public class ServiceREST {
 		return ret;
 	}
 
-	private RangerPolicy getExactMatchPolicyForResource(String serviceName, RangerResource resource) throws Exception {
+	private RangerPolicy getExactMatchPolicyForResource(String serviceName, RangerAccessResource resource) throws Exception {
 		if(LOG.isDebugEnabled()) {
 			LOG.debug("==> ServiceREST.getExactMatchPolicyForResource(" + serviceName + ", " + resource + ")");
 		}
@@ -1191,7 +1191,7 @@ public class ServiceREST {
 		return ret;
 	}
 
-	private boolean isMatch(RangerPolicy policy, RangerResource resource) throws Exception {
+	private boolean isMatch(RangerPolicy policy, RangerAccessResource resource) throws Exception {
 		boolean ret = false;
 
 		String        serviceName = policy.getService();
@@ -1216,7 +1216,7 @@ public class ServiceREST {
 		return ret;
 	}
 
-	private boolean isSingleAndExactMatch(RangerPolicy policy, RangerResource resource) throws Exception {
+	private boolean isSingleAndExactMatch(RangerPolicy policy, RangerAccessResource resource) throws Exception {
 		boolean ret = false;
 
 		String        serviceName = policy.getService();

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/4bf8a3fa/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
----------------------------------------------------------------------
diff --git a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
index db5e0af..b61e209 100644
--- a/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
+++ b/storm-agent/src/main/java/org/apache/ranger/authorization/storm/StormRangerPlugin.java
@@ -10,7 +10,7 @@ import org.apache.ranger.authorization.storm.StormRangerPlugin.StormConstants.Re
 import org.apache.ranger.plugin.audit.RangerDefaultAuditHandler;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequest;
 import org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl;
-import org.apache.ranger.plugin.policyengine.RangerResourceImpl;
+import org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl;
 import org.apache.ranger.plugin.service.RangerBasePlugin;
 
 import com.google.common.collect.Sets;
@@ -52,7 +52,7 @@ public class StormRangerPlugin extends RangerBasePlugin {
 		request.setAccessType(_operation);
 		request.setClientIPAddress(_clientIp);
 		// build resource and connect stuff into request
-		RangerResourceImpl resource = new RangerResourceImpl();
+		RangerAccessResourceImpl resource = new RangerAccessResourceImpl();
 		resource.setValue(ResourceName.Topology, _topology);
 		request.setResource(resource);
 		


Mime
View raw message