ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rm...@apache.org
Subject ranger git commit: RANGER-1943 : Ranger Solr authorization is skipped when collection is empty or null
Date Fri, 22 Dec 2017 18:31:51 GMT
Repository: ranger
Updated Branches:
  refs/heads/master 4ef52b46b -> a1c14e350


RANGER-1943 : Ranger Solr authorization is skipped when collection is empty or null

Signed-off-by: rmani <rmani@hortonworks.com>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a1c14e35
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a1c14e35
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a1c14e35

Branch: refs/heads/master
Commit: a1c14e3507981968e366924667fa47079208dfda
Parents: 4ef52b4
Author: rmani <rmani@hortonworks.com>
Authored: Thu Dec 21 16:22:51 2017 -0800
Committer: rmani <rmani@hortonworks.com>
Committed: Fri Dec 22 10:31:42 2017 -0800

----------------------------------------------------------------------
 .../solr/authorizer/RangerSolrAuthorizer.java   | 53 ++++++++++++--------
 1 file changed, 33 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a1c14e35/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
----------------------------------------------------------------------
diff --git a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
index 0f7182d..97aa204 100644
--- a/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
+++ b/plugin-solr/src/main/java/org/apache/ranger/authorization/solr/authorizer/RangerSolrAuthorizer.java
@@ -28,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.ranger.audit.provider.AuditProviderFactory;
@@ -196,19 +197,37 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
 			// broken
 			// into a request
 			List<RangerAccessRequestImpl> rangerRequests = new ArrayList<RangerAccessRequestImpl>();
-			for (CollectionRequest collectionRequest : context
-					.getCollectionRequests()) {
+			List<CollectionRequest>   collectionRequests = context.getCollectionRequests();
 
+			if (CollectionUtils.isEmpty(collectionRequests)) {
+				// if Collection is empty we set the collection to *. This happens when LIST is done.
 				RangerAccessRequestImpl requestForCollection = createRequest(
 						userName, userGroups, ip, eventTime, context,
-						collectionRequest);
+						null);
 				if (requestForCollection != null) {
 					rangerRequests.add(requestForCollection);
 				}
+			} else {
+				// Create the list of requests for access check. Each field is
+				// broken
+				// into a request
+				for (CollectionRequest collectionRequest : context
+						.getCollectionRequests()) {
+
+					RangerAccessRequestImpl requestForCollection = createRequest(
+							userName, userGroups, ip, eventTime, context,
+							collectionRequest);
+					if (requestForCollection != null) {
+						rangerRequests.add(requestForCollection);
+					}
+				}
+
 			}
+
 			if (logger.isDebugEnabled()) {
 				logger.debug("rangerRequests.size()=" + rangerRequests.size());
 			}
+
 			try {
 				// Let's check the access for each request/resource
 				for (RangerAccessRequestImpl rangerRequest : rangerRequests) {
@@ -333,25 +352,19 @@ public class RangerSolrAuthorizer implements AuthorizationPlugin {
 
 		String accessType = mapToRangerAccessType(context);
 		String action = accessType;
-
-		if (collectionRequest.collectionName != null) {
-			RangerAccessRequestImpl rangerRequest = createBaseRequest(userName,
-					userGroups, ip, eventTime);
-			RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
-			rangerResource.setValue(KEY_COLLECTION,
-					collectionRequest.collectionName);
-			rangerRequest.setResource(rangerResource);
-			rangerRequest.setAccessType(accessType);
-			rangerRequest.setAction(action);
-
-			return rangerRequest;
+		RangerAccessRequestImpl rangerRequest = createBaseRequest(userName,
+				userGroups, ip, eventTime);
+		RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
+		if (collectionRequest == null) {
+			rangerResource.setValue(KEY_COLLECTION, "*");
+		} else {
+			rangerResource.setValue(KEY_COLLECTION, collectionRequest.collectionName);
 		}
-		
-		logger.fatal("Can't create RangerRequest object. userName="
-				+ userName + ", accessType=" + accessType + ", ip=" + ip
-				+ ", collectionRequest=" + collectionRequest);
+		rangerRequest.setResource(rangerResource);
+		rangerRequest.setAccessType(accessType);
+		rangerRequest.setAction(action);
 
-		return null;
+		return rangerRequest;
 	}
 
 	private RangerAccessRequestImpl createBaseRequest(String userName,


Mime
View raw message