RANGER-3377: HDFS plugin performance improvement - conditionally ignore deny and exception conditions Signed-off-by: Madhan Neethiraj <madhan@apache.org> (cherry picked from commit 79f6cdec2cce5d6dc3a8bb72ac2a82329cba7d4a)

commit: 8d617c626b949cdadf8d914259f78d050556cc5d [log] [tgz]
author: cao zhiqiang <lfxy@163.com> Wed Aug 25 23:20:04 2021 -0700
committer: Madhan Neethiraj <madhan@apache.org> Wed Aug 25 23:56:54 2021 -0700
tree: f2e71b38353d72fa5d9ed0b0b0b48033bca679e8
parent: 88d4030531dd673fb8f8899c274bc56852e625b5 [diff]
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
index ecd6cb7..c67589c 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/policyevaluator/RangerDefaultPolicyEvaluator.java

@@ -147,9 +147,17 @@
 				denyExceptionEvaluators  = Collections.<RangerPolicyItemEvaluator>emptyList();
 			} else {
 				allowEvaluators          = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW);
-				denyEvaluators           = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
-				allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
-				denyExceptionEvaluators  = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+
+				if (ServiceDefUtil.getOption_enableDenyAndExceptionsInPolicies(serviceDef)) {
+					denyEvaluators           = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY);
+					allowExceptionEvaluators = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS);
+					denyExceptionEvaluators  = createPolicyItemEvaluators(policy, serviceDef, options, RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS);
+				} else {
+					denyEvaluators           = Collections.<RangerPolicyItemEvaluator>emptyList();
+					allowExceptionEvaluators = Collections.<RangerPolicyItemEvaluator>emptyList();
+					denyExceptionEvaluators  = Collections.<RangerPolicyItemEvaluator>emptyList();
+				}
+
 			}
 
 			dataMaskEvaluators  = createDataMaskPolicyItemEvaluators(policy, serviceDef, options, policy.getDataMaskPolicyItems());
@@ -1268,4 +1276,4 @@
 		return rangerConditionEvaluators;
 	}
 
-}
\ No newline at end of file
+}
commit	8d617c626b949cdadf8d914259f78d050556cc5d	[log] [tgz]
author	cao zhiqiang <lfxy@163.com>	Wed Aug 25 23:20:04 2021 -0700
committer	Madhan Neethiraj <madhan@apache.org>	Wed Aug 25 23:56:54 2021 -0700
tree	f2e71b38353d72fa5d9ed0b0b0b48033bca679e8
parent	88d4030531dd673fb8f8899c274bc56852e625b5 [diff]