ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zsom...@apache.org
Subject ranger git commit: RANGER-2035: backport to 0.7 - fix the null implClass handling, which is possible on oracle db
Date Wed, 28 Mar 2018 07:24:25 GMT
Repository: ranger
Updated Branches:
  refs/heads/ranger-0.7 0c948119d -> 21b880271


RANGER-2035: backport to 0.7 - fix the null implClass handling, which is possible on oracle
db


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/21b88027
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/21b88027
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/21b88027

Branch: refs/heads/ranger-0.7
Commit: 21b88027195b97a64094b6a4bd8694f3228feedc
Parents: 0c94811
Author: Zsombor Gegesy <zsombor@apache.org>
Authored: Fri Mar 23 11:41:15 2018 +0100
Committer: Zsombor Gegesy <zsombor@apache.org>
Committed: Fri Mar 23 11:41:15 2018 +0100

----------------------------------------------------------------------
 .../org/apache/ranger/biz/RangerBizUtil.java    | 33 ++++++++------------
 .../org/apache/ranger/rest/ServiceREST.java     |  8 +++--
 2 files changed, 18 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/21b88027/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 4d6227d..8b8ce36 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1452,14 +1452,12 @@ public class RangerBizUtil {
 		if (xxDbBase != null && xxDbBase instanceof XXServiceDef) {
 			XXServiceDef xServiceDef = (XXServiceDef) xxDbBase;
 			String implClass = xServiceDef.getImplclassname();
-			if (implClass == null) {
-				return false;
-			}
-
-			if (isKeyAdmin && implClass.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
-				return true;
-			} else if ((isSysAdmin || isUser) && !implClass.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
-				return true;
+			if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
+				// KMS case
+				return isKeyAdmin;
+			} else {
+				// Other cases - implClass can be null!
+				return isSysAdmin || isUser;
 			}
 		}
 
@@ -1474,18 +1472,13 @@ public class RangerBizUtil {
 			XXService xService = (XXService) xxDbBase;
 			XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
 			String implClass = xServiceDef.getImplclassname();
-			if (implClass == null) {
-				return false;
-			}
-
-			if (isKeyAdmin && implClass.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
-				return true;
-			} else if (isUser && !implClass.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
-				return true;
+			if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
+				// KMS case
+				return isKeyAdmin;
+			} else {
+				// Other cases - implClass can be null!
+				return isUser;
 			}
-			// else if ((isSysAdmin || isUser) && !implClass.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
-			// return true;
-			// }
 		}
 		return false;
 	}
@@ -1517,7 +1510,7 @@ public class RangerBizUtil {
 		// TODO: As of now we are allowing SYS_ADMIN to create/update/read/delete all the
 		// services including KMS
 
-		if (objType.equalsIgnoreCase("Service-Def") && session.isUserAdmin() &&
implClassName.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
+		if (objType.equalsIgnoreCase("Service-Def") && session.isUserAdmin() &&
EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClassName)) {
 			throw restErrorUtil.createRESTException("System Admin cannot create/update/delete KMS
" + objType,
 					MessageEnums.OPER_NO_PERMISSION);
 		}

http://git-wip-us.apache.org/repos/asf/ranger/blob/21b88027/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 6e6d241..e2a0c29 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -319,7 +319,9 @@ public class ServiceREST {
 
 			bizUtil.hasAdminPermissions("Service-Def");
 			XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(id);
-			bizUtil.hasKMSPermissions("Service-Def", xServiceDef.getImplclassname());
+			if (xServiceDef != null) {
+				bizUtil.hasKMSPermissions("Service-Def", xServiceDef.getImplclassname());
+			}
 
 			String forceDeleteStr = request.getParameter("forceDelete");
 			boolean forceDelete = false;
@@ -3053,13 +3055,13 @@ public class ServiceREST {
 			XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
 
 			if (isAdmin) {
-				if (xServiceDef.getImplclassname().equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
+				if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname()))
{
 					throw restErrorUtil.createRESTException(
 							"KMS Policies/Services/Service-Defs are not accessible for user '" + userName + "'.",
 							MessageEnums.OPER_NO_PERMISSION);
 				}
 			} else if (isKeyAdmin) {
-				if (!xServiceDef.getImplclassname().equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME))
{
+				if (!EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(xServiceDef.getImplclassname()))
{
 					throw restErrorUtil.createRESTException(
 							"Only KMS Policies/Services/Service-Defs are accessible for user '" + userName + "'.",
 							MessageEnums.OPER_NO_PERMISSION);


Mime
View raw message