| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| package org.apache.ranger.plugin.util; |
| |
| import java.util.Collections; |
| import java.util.HashMap; |
| import java.util.Map; |
| import java.util.Set; |
| |
| import org.apache.commons.collections.CollectionUtils; |
| import org.apache.commons.collections.MapUtils; |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
| import org.apache.ranger.plugin.contextenricher.RangerTagForEval; |
| import org.apache.ranger.plugin.policyengine.RangerAccessResource; |
| |
| public class RangerAccessRequestUtil { |
| private static final Log LOG = LogFactory.getLog(RangerAccessRequestUtil.class); |
| |
| public static final String KEY_CONTEXT_TAGS = "TAGS"; |
| public static final String KEY_CONTEXT_TAG_OBJECT = "TAG_OBJECT"; |
| public static final String KEY_CONTEXT_RESOURCE = "RESOURCE"; |
| public static final String KEY_CONTEXT_REQUESTED_RESOURCES = "REQUESTED_RESOURCES"; |
| public static final String KEY_CONTEXT_USERSTORE = "USERSTORE"; |
| public static final String KEY_TOKEN_NAMESPACE = "token:"; |
| public static final String KEY_USER = "USER"; |
| public static final String KEY_OWNER = "OWNER"; |
| public static final String KEY_ROLES = "ROLES"; |
| public static final String KEY_CONTEXT_ACCESSTYPES = "ACCESSTYPES"; |
| public static final String KEY_CONTEXT_IS_ANY_ACCESS = "ISANYACCESS"; |
| |
| public static void setRequestTagsInContext(Map<String, Object> context, Set<RangerTagForEval> tags) { |
| if(CollectionUtils.isEmpty(tags)) { |
| context.remove(KEY_CONTEXT_TAGS); |
| } else { |
| context.put(KEY_CONTEXT_TAGS, tags); |
| } |
| } |
| |
| public static Set<RangerTagForEval> getRequestTagsFromContext(Map<String, Object> context) { |
| Set<RangerTagForEval> ret = null; |
| Object val = context.get(RangerAccessRequestUtil.KEY_CONTEXT_TAGS); |
| |
| if (val instanceof Set<?>) { |
| try { |
| @SuppressWarnings("unchecked") |
| Set<RangerTagForEval> tags = (Set<RangerTagForEval>) val; |
| |
| ret = tags; |
| } catch (Throwable t) { |
| LOG.error("getRequestTags(): failed to get tags from context", t); |
| } |
| } |
| |
| return ret; |
| } |
| |
| public static void setCurrentTagInContext(Map<String, Object> context, RangerTagForEval tag) { |
| context.put(KEY_CONTEXT_TAG_OBJECT, tag); |
| } |
| |
| public static RangerTagForEval getCurrentTagFromContext(Map<String, Object> context) { |
| RangerTagForEval ret = null; |
| Object val = context.get(KEY_CONTEXT_TAG_OBJECT); |
| |
| if(val instanceof RangerTagForEval) { |
| ret = (RangerTagForEval)val; |
| } |
| |
| return ret; |
| } |
| |
| public static void setRequestedResourcesInContext(Map<String, Object> context, RangerRequestedResources resources) { |
| context.put(KEY_CONTEXT_REQUESTED_RESOURCES, resources); |
| } |
| |
| public static RangerRequestedResources getRequestedResourcesFromContext(Map<String, Object> context) { |
| RangerRequestedResources ret = null; |
| Object val = context.get(KEY_CONTEXT_REQUESTED_RESOURCES); |
| |
| if(val instanceof RangerRequestedResources) { |
| ret = (RangerRequestedResources)val; |
| } |
| |
| return ret; |
| } |
| |
| public static void setCurrentResourceInContext(Map<String, Object> context, RangerAccessResource resource) { |
| context.put(KEY_CONTEXT_RESOURCE, resource); |
| } |
| |
| public static RangerAccessResource getCurrentResourceFromContext(Map<String, Object> context) { |
| RangerAccessResource ret = null; |
| Object val = MapUtils.isNotEmpty(context) ? context.get(KEY_CONTEXT_RESOURCE) : null; |
| |
| if(val instanceof RangerAccessResource) { |
| ret = (RangerAccessResource)val; |
| } |
| |
| return ret; |
| } |
| |
| public static Map<String, Object> copyContext(Map<String, Object> context) { |
| final Map<String, Object> ret; |
| |
| if(MapUtils.isEmpty(context)) { |
| ret = new HashMap<>(); |
| } else { |
| ret = new HashMap<>(context); |
| |
| ret.remove(KEY_CONTEXT_TAGS); |
| ret.remove(KEY_CONTEXT_TAG_OBJECT); |
| ret.remove(KEY_CONTEXT_RESOURCE); |
| // don't remove REQUESTED_RESOURCES |
| } |
| |
| return ret; |
| } |
| |
| public static void setCurrentUserInContext(Map<String, Object> context, String user) { |
| setTokenInContext(context, KEY_USER, user); |
| } |
| public static void setOwnerInContext(Map<String, Object> context, String owner) { |
| setTokenInContext(context, KEY_OWNER, owner); |
| } |
| public static String getCurrentUserFromContext(Map<String, Object> context) { |
| Object ret = getTokenFromContext(context, KEY_USER); |
| return ret != null ? ret.toString() : ""; |
| } |
| |
| public static void setTokenInContext(Map<String, Object> context, String tokenName, Object tokenValue) { |
| String tokenNameWithNamespace = KEY_TOKEN_NAMESPACE + tokenName; |
| context.put(tokenNameWithNamespace, tokenValue); |
| } |
| public static Object getTokenFromContext(Map<String, Object> context, String tokenName) { |
| String tokenNameWithNamespace = KEY_TOKEN_NAMESPACE + tokenName; |
| return MapUtils.isNotEmpty(context) ? context.get(tokenNameWithNamespace) : null; |
| } |
| |
| public static void setCurrentUserRolesInContext(Map<String, Object> context, Set<String> roles) { |
| setTokenInContext(context, KEY_ROLES, roles); |
| } |
| public static Set<String> getCurrentUserRolesFromContext(Map<String, Object> context) { |
| Object ret = getTokenFromContext(context, KEY_ROLES); |
| return ret != null ? (Set<String>) ret : Collections.EMPTY_SET; |
| } |
| |
| public static void setRequestUserStoreInContext(Map<String, Object> context, RangerUserStore rangerUserStore) { |
| context.put(KEY_CONTEXT_USERSTORE, rangerUserStore); |
| } |
| |
| public static RangerUserStore getRequestUserStoreFromContext(Map<String, Object> context) { |
| RangerUserStore ret = null; |
| Object val = context.get(KEY_CONTEXT_USERSTORE); |
| |
| if(val instanceof RangerUserStore) { |
| ret = (RangerUserStore) val; |
| } |
| |
| return ret; |
| } |
| |
| public static void setIsAnyAccessInContext(Map<String, Object> context, Boolean value) { |
| context.put(KEY_CONTEXT_IS_ANY_ACCESS, value); |
| } |
| |
| public static Boolean getIsAnyAccessInContext(Map<String, Object> context) { |
| return (Boolean)context.get(KEY_CONTEXT_IS_ANY_ACCESS); |
| } |
| } |