Repository: incubator-atlas Updated Branches: refs/heads/master 19751c60b -> 353ea964e
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java b/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java deleted file mode 100644 index 9c4f1c7..0000000 --- a/webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java +++ /dev/null 
@@ -1,85 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.atlas.util; - -import java.io.IOException; -import java.io.InputStream; -import java.util.Properties; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import org.apache.log4j.Logger; -import org.springframework.util.DefaultPropertiesPersister; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -public class XMLPropertiesUtil extends DefaultPropertiesPersister { - private static Logger logger = Logger.getLogger(XMLPropertiesUtil.class); - - public XMLPropertiesUtil() { - } - - @Override - public void loadFromXml(Properties properties, InputStream inputStream) - throws IOException { - try { - DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory - .newInstance(); - xmlDocumentBuilderFactory.setIgnoringComments(true); - xmlDocumentBuilderFactory.setNamespaceAware(true); - DocumentBuilder xmlDocumentBuilder = xmlDocumentBuilderFactory - .newDocumentBuilder(); - Document xmlDocument = xmlDocumentBuilder.parse(inputStream); - xmlDocument.getDocumentElement().normalize(); - - NodeList nList = 
xmlDocument.getElementsByTagName("property"); - - for (int temp = 0; temp < nList.getLength(); temp++) { - - Node nNode = nList.item(temp); - - if (nNode.getNodeType() == Node.ELEMENT_NODE) { - - Element eElement = (Element) nNode; - - String propertyName = ""; - String propertyValue = ""; - if (eElement.getElementsByTagName("name").item(0) != null) { - propertyName = eElement.getElementsByTagName("name") - .item(0).getTextContent().trim(); - } - if (eElement.getElementsByTagName("value").item(0) != null) { - propertyValue = eElement.getElementsByTagName("value") - .item(0).getTextContent().trim(); - } - - properties.put(propertyName, propertyValue); - - } - } - } catch (Exception e) { - logger.error("Error loading : ", e); - } - } - -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java index 13fc7da..d87120c 100644 --- a/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java +++ b/webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java @@ -19,9 +19,9 @@ package org.apache.atlas.web.filters; import java.io.IOException; -import java.util.ArrayList; import java.util.Collection; -import java.util.List; +import java.util.HashSet; +import java.util.Set; import javax.servlet.FilterChain; import javax.servlet.ServletException; 
@@ -31,13 +31,11 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.atlas.AtlasClient; -import org.apache.atlas.AtlasException; import org.apache.atlas.authorize.AtlasAccessRequest; -import org.apache.atlas.authorize.AtlasActionTypes; import org.apache.atlas.authorize.AtlasAuthorizationException; import org.apache.atlas.authorize.AtlasAuthorizer; +import org.apache.atlas.authorize.AtlasAuthorizerFactory; import org.apache.atlas.authorize.AtlasResourceTypes; -import org.apache.atlas.authorize.SimpleAtlasAuthorizer; import org.json.simple.JSONObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -45,7 +43,6 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.filter.GenericFilterBean; -import static org.apache.atlas.authorize.AtlasAuthorizationUtils.*; import com.google.common.base.Strings; 
@@ -53,23 +50,36 @@ public class AtlasAuthorizationFilter extends GenericFilterBean { private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationFilter.class); private static boolean isDebugEnabled = LOG.isDebugEnabled(); - private AtlasAuthorizer authorizer = SimpleAtlasAuthorizer.getInstance(); + private AtlasAuthorizer authorizer = null; private final String BASE_URL = "/" + AtlasClient.BASE_URI; public AtlasAuthorizationFilter() { if (isDebugEnabled) { - LOG.debug("<== AtlasAuthorizationFilter() -- " + "Now initializing the Apache Atlas Authorizer!!!"); + LOG.debug("==> AtlasAuthorizationFilter() -- " + "Now initializing the Apache Atlas Authorizer!!!"); } - authorizer.init(); + + try { + authorizer = AtlasAuthorizerFactory.getAtlasAuthorizer(); + if (authorizer != null) { + authorizer.init(); + } else { + LOG.warn("AtlasAuthorizer not initialized properly, please check the application logs and add proper configurations."); + } + } catch (AtlasAuthorizationException e) { + LOG.error("Unable to obtain AtlasAuthorizer. ", e); + } + } @Override public void destroy() { if (isDebugEnabled) { - LOG.debug("<== AtlasAuthorizationFilter destroy"); + LOG.debug("==> AtlasAuthorizationFilter destroy"); + } + if (authorizer != null) { + authorizer.cleanUp(); } - authorizer.cleanUp(); super.destroy(); } 
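Review bot: Both failure paths in the new constructor leave `authorizer` null and still let the filter start: the `LOG.warn` branch when the factory returns null, and the `catch (AtlasAuthorizationException e)` block. The null guard added in the later doFilter hunk keeps `accessAllowed` false in that state, so the filter fails closed, but every protected request is then answered with 403 and the only explanation is one startup log line. If a missing authorizer is a deployment error, failing startup is easier to diagnose, for example `throw new IllegalStateException("Unable to obtain AtlasAuthorizer", e);` in the catch block. Otherwise add a comment on the field such as `// null means no authorizer could be loaded; doFilter denies all protected requests`. Whether `init()` itself can throw is not visible in this hunk.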
@@ -83,15 +93,13 @@ public class AtlasAuthorizationFilter extends GenericFilterBean { HttpServletRequest request = (HttpServletRequest) req; String pathInfo = request.getServletPath(); - if (pathInfo.startsWith(BASE_URL)) { + if (!Strings.isNullOrEmpty(pathInfo) && pathInfo.startsWith(BASE_URL)) { if (isDebugEnabled) { LOG.debug(pathInfo + " is a valid REST API request!!!"); } - AtlasActionTypes action = getAtlasAction(request.getMethod()); String userName = null; - List<String> groups = new ArrayList<String>(); - StringBuilder sb = new StringBuilder(); + Set<String> groups = new HashSet<String>(); Authentication auth = SecurityContextHolder.getContext().getAuthentication(); 
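Review bot: With the added `!Strings.isNullOrEmpty(pathInfo)` guard, a request whose `getServletPath()` is empty now skips the whole authorization block instead of failing, and what the filter does with such a request is outside this hunk. `getServletPath()` is empty when the servlet is mapped to `/*`, in which case the path is carried by `getPathInfo()`, so if the fall-through simply continues the chain those requests would never reach the authorizer. A comment stating which servlet mappings this check assumes, for example `// relies on getServletPath() carrying the full REST path; revisit if the servlet mapping changes`, would make the assumption explicit. The body of doFilter starts and ends outside the hunk.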
@@ -101,37 +109,43 @@ public class AtlasAuthorizationFilter extends GenericFilterBean { for (GrantedAuthority c : authorities) { groups.add(c.getAuthority()); } - sb.append("============================\n"); - sb.append("UserName ==>> " + userName + "\nGroups ==>> " + groups); } else { if (LOG.isErrorEnabled()) { LOG.error("Cannot obtain Security Context : " + auth); } throw new ServletException("Cannot obtain Security Context : " + auth); } - - sb.append("\n" + "URL :: " + request.getRequestURL() + " Action :: " + action); - sb.append("\nrequest.getServletPath() :: " + pathInfo); - sb.append("\n============================\n"); - + AtlasAccessRequest atlasRequest = new AtlasAccessRequest(request, userName, groups); if (isDebugEnabled) { - LOG.debug(sb.toString()); + LOG.debug("============================\n" + "UserName :: " + atlasRequest.getUser() + "\nGroups :: " + + atlasRequest.getUserGroups() + "\nURL :: " + request.getRequestURL() + "\nAction :: " + + atlasRequest.getAction() + "\nrequest.getServletPath() :: " + pathInfo + + "\n============================\n"); } - sb = null; - List<AtlasResourceTypes> atlasResourceType = getAtlasResourceType(pathInfo); - String resource = getAtlasResource(request, action); - AtlasAccessRequest atlasRequest = - new AtlasAccessRequest(atlasResourceType, resource, action, userName, groups); + boolean accessAllowed = false; - try { - accessAllowed = authorizer.isAccessAllowed(atlasRequest); - } catch (AtlasAuthorizationException e) { - if (LOG.isErrorEnabled()) { - LOG.error("Access Restricted. 
Could not process the request due to : " + e); + + Set<AtlasResourceTypes> atlasResourceTypes = atlasRequest.getResourceTypes(); + if (atlasResourceTypes.size() == 1 && atlasResourceTypes.contains(AtlasResourceTypes.UNKNOWN)) { + // Allowing access to unprotected resource types + if (LOG.isDebugEnabled()) { + LOG.debug("Allowing access to unprotected resource types " + atlasResourceTypes); + } + accessAllowed = true; + } else { + + try { + if (authorizer != null) { + accessAllowed = authorizer.isAccessAllowed(atlasRequest); + } + } catch (AtlasAuthorizationException e) { + if (LOG.isErrorEnabled()) { + LOG.error("Access Restricted. Could not process the request :: " + e); + } + } + if (isDebugEnabled) { + LOG.debug("Authorizer result :: " + accessAllowed); } - } - if (isDebugEnabled) { - LOG.debug("Authorizer result :: " + accessAllowed); } if (accessAllowed) { if (isDebugEnabled) { 
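Review bot: The new `atlasResourceTypes.size() == 1 && atlasResourceTypes.contains(AtlasResourceTypes.UNKNOWN)` branch sets `accessAllowed = true` without consulting the authorizer, so any path under the base URL that the resource-type mapping does not recognise is allowed by default. A REST endpoint added later without a matching mapping would be reachable by any authenticated user, and the only record is a debug line. Consider denying unmapped paths unless they are on an explicit allow-list, or at least logging the decision above debug level, for example `LOG.warn("No resource type mapped for " + pathInfo + "; allowing without authorization check");`. Separately, `LOG.error("Access Restricted. Could not process the request :: " + e);` drops the stack trace; passing the exception as the second argument, `LOG.error("Access Restricted. Could not process the request", e);`, keeps it.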
@@ -140,17 +154,17 @@ public class AtlasAuthorizationFilter extends GenericFilterBean { chain.doFilter(req, res); } else { JSONObject json = new JSONObject(); - json.put("AuthorizationError", "Sorry you are not authorized for " + action.name() + " on " - + atlasResourceType + " : " + resource); + json.put("AuthorizationError", "You are not authorized for " + atlasRequest.getAction().name() + " on " + + atlasResourceTypes + " : " + atlasRequest.getResource()); HttpServletResponse response = (HttpServletResponse) res; response.setContentType("application/json"); response.setStatus(HttpServletResponse.SC_FORBIDDEN); response.sendError(HttpServletResponse.SC_FORBIDDEN, json.toString()); if (isDebugEnabled) { - LOG.debug("Sorry you are not authorized for " + action.name() + " on " + atlasResourceType + " : " - + resource); - LOG.debug("Returning 403 since the access is blocked update!!!!"); + LOG.debug("You are not authorized for " + atlasRequest.getAction().name() + " on " + + atlasResourceTypes + " : " + atlasRequest.getResource() + + "\nReturning 403 since the access is blocked update!!!!"); } return; } http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java index 9e5df45..34063b0 100644 --- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java +++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java 
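Review bot: The 403 message now includes `atlasRequest.getResource()`, which appears to be derived from the incoming request, and the JSON string is passed as the message argument of `response.sendError(...)`. `sendError` hands that message to the container's error page, which usually replaces the `application/json` content type set two lines earlier, so the client probably receives an HTML page with the JSON embedded, and whether the message is HTML-escaped depends on the container. Writing the body from the filter keeps the content type and the encoding under its control: `response.setStatus(HttpServletResponse.SC_FORBIDDEN); response.getWriter().write(json.toString());`. It is also worth deciding whether the response needs to echo the resource name and resource types at all, since a generic message gives less detail to an unauthorized caller.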
@@ -22,7 +22,7 @@ import java.util.List; import javax.annotation.PostConstruct; -import org.apache.atlas.util.PropertiesUtil; +import org.apache.atlas.utils.PropertiesUtil; import org.apache.atlas.web.model.User; import org.apache.log4j.Logger; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java index e66b930..6037858 100644 --- a/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java +++ b/webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java @@ -20,7 +20,7 @@ package org.apache.atlas.web.security; import java.util.List; import javax.annotation.PostConstruct; -import org.apache.atlas.util.PropertiesUtil; +import org.apache.atlas.utils.PropertiesUtil; import org.apache.atlas.web.model.User; import org.apache.log4j.Logger; import org.springframework.ldap.core.support.LdapContextSource; http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/main/webapp/WEB-INF/applicationContext.xml ---------------------------------------------------------------------- diff --git a/webapp/src/main/webapp/WEB-INF/applicationContext.xml b/webapp/src/main/webapp/WEB-INF/applicationContext.xml index b58952c..004c3a8 100644 --- a/webapp/src/main/webapp/WEB-INF/applicationContext.xml +++ b/webapp/src/main/webapp/WEB-INF/applicationContext.xml 
@@ -24,9 +24,9 @@ <import resource="classpath:/spring-security.xml" /> - <bean id="xmlPropertyConfigurer" class="org.apache.atlas.util.XMLPropertiesUtil" /> + <bean id="xmlPropertyConfigurer" class="org.apache.atlas.utils.XMLPropertiesUtil" /> - <bean id="propertyConfigurer" class="org.apache.atlas.util.PropertiesUtil"> + <bean id="propertyConfigurer" class="org.apache.atlas.utils.PropertiesUtil"> <property name="locations"> <list> <value>classpath:atlas-admin-site.xml http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java b/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java deleted file mode 100644 index 5fc4420..0000000 --- a/webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java +++ /dev/null 
@@ -1,121 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.atlas.authorize; - -import org.testng.annotations.Test; - -import java.util.List; - -import static org.testng.Assert.assertEquals; -import static org.testng.Assert.assertTrue; - -/** - * Unit tests for AtlasAuthorizationUtils. - */ -public class AtlasAuthorizationUtilsTest { - @Test - public void testGetApi() { - String contextPath = "/api/atlas/entities"; - assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "entities"); - - contextPath = "/api/atlas/entities/111/traits"; - assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "entities"); - - contextPath = "/api/atlas/v1/entities"; - assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "v1/entities"); - - contextPath = "/api/atlas/v1/entities/111/tags"; - assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "v1/entities"); - - // not sure of this use case but the code appears to support url's that don't - // begin with base url. 
- contextPath = "/foo/bar"; - assertEquals(AtlasAuthorizationUtils.getApi(contextPath), "foo"); - } - - @Test - public void testGetAtlasResourceType() throws Exception { - String contextPath = "/api/atlas/types"; - List<AtlasResourceTypes> resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE)); - - contextPath = "/api/atlas/admin/foo"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.OPERATION)); - - contextPath = "/api/atlas/graph/foo"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.OPERATION)); - - contextPath = "/api/atlas/discovery/search/gremlin"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.OPERATION)); - - contextPath = "/api/atlas/entities/111/traits"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 2); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE)); - - contextPath = "/api/atlas/discovery/search"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 2); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE)); - - contextPath = "/api/atlas/entities?type=Column"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - - contextPath = "/api/atlas/lineage"; - 
resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - - contextPath = "/api/atlas/v1/taxonomies"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 2); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TAXONOMY)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - - contextPath = "/api/atlas/v1/taxonomies/taxonomy1/terms"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 4); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TAXONOMY)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TERM)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE)); - - contextPath = "/api/atlas/v1/entities/111"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 1); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - - contextPath = "/api/atlas/v1/entities/111/tags/foo"; - resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath); - assertEquals(resourceTypes.size(), 2); - assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY)); - assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE)); - } -} http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java b/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java deleted file mode 100644 index 507d4c6..0000000 --- a/webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java +++ /dev/null 
@@ -1,167 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -import static org.junit.Assert.assertEquals; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import org.testng.annotations.Test; - -public class PolicyParserTest { - - @Test - public void testParsePoliciesWithAllProperties() { - List<String> policies = new ArrayList<String>(); - policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII"); - /* Creating group data */ - Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>(); - List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>(); - accessList1.add(AtlasActionTypes.READ); - accessList1.add(AtlasActionTypes.WRITE); - accessList1.add(AtlasActionTypes.UPDATE); - - groupMap.put("grp1", accessList1); - List<AtlasActionTypes> accessList2 = new ArrayList<AtlasActionTypes>(); - accessList2.add(AtlasActionTypes.UPDATE); - groupMap.put("grp2", accessList2); - - /* Creating user data */ - Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>(); - List<AtlasActionTypes> usr1AccessList = new 
ArrayList<AtlasActionTypes>(); - usr1AccessList.add(AtlasActionTypes.READ); - usersMap.put("usr1", usr1AccessList); - - List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>(); - usr2AccessList.add(AtlasActionTypes.READ); - usr2AccessList.add(AtlasActionTypes.WRITE); - usersMap.put("usr2", usr2AccessList); - - /* Creating resources data */ - Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>(); - List<String> resource1List = new ArrayList<String>(); - resource1List.add("*abc"); - resourceMap.put(AtlasResourceTypes.ENTITY, resource1List); - - List<String> resource2List = new ArrayList<String>(); - resource2List.add("*xyz"); - resourceMap.put(AtlasResourceTypes.OPERATION, resource2List); - - List<String> resource3List = new ArrayList<String>(); - resource3List.add("PII"); - resourceMap.put(AtlasResourceTypes.TYPE, resource3List); - - List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); - for (PolicyDef def : policyDefs) { - - assertEquals(def.getPolicyName(), "hivePolicy"); - assertEquals(def.getGroups(), groupMap); - assertEquals(def.getUsers(), usersMap); - assertEquals(def.getResources(), resourceMap); - - } - - } - - @Test - public void testParsePoliciesWithOutUserProperties() { - List<String> policies = new ArrayList<String>(); - policies.add("hivePolicy;;;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII"); - // Creating group data - Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>(); - List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>(); - accessList1.add(AtlasActionTypes.READ); - accessList1.add(AtlasActionTypes.WRITE); - accessList1.add(AtlasActionTypes.UPDATE); - - groupMap.put("grp1", accessList1); - List<AtlasActionTypes> accessList2 = new ArrayList<AtlasActionTypes>(); - accessList2.add(AtlasActionTypes.UPDATE); - groupMap.put("grp2", accessList2); - - // Creating user data - Map<String, 
List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>(); - - // Creating resources data - Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>(); - List<String> resource1List = new ArrayList<String>(); - resource1List.add("*abc"); - resourceMap.put(AtlasResourceTypes.ENTITY, resource1List); - - List<String> resource2List = new ArrayList<String>(); - resource2List.add("*xyz"); - resourceMap.put(AtlasResourceTypes.OPERATION, resource2List); - - List<String> resource3List = new ArrayList<String>(); - resource3List.add("PII"); - resourceMap.put(AtlasResourceTypes.TYPE, resource3List); - - List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); - for (PolicyDef def : policyDefs) { - - assertEquals(def.getPolicyName(), "hivePolicy"); - assertEquals(def.getGroups(), groupMap); - assertEquals(def.getUsers(), usersMap); - assertEquals(def.getResources(), resourceMap); - - } - - } - - @Test - public void testParsePoliciesWithOutGroupProperties() { - List<String> policies = new ArrayList<String>(); - policies.add("hivePolicy;;usr1:r,usr2:rw;;;;entity:*abc,operation:*xyz,type:PII"); - // Creating group data - Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>(); - - // Creating user data - Map<String, List<AtlasActionTypes>> usersMap = new HashMap<String, List<AtlasActionTypes>>(); - List<AtlasActionTypes> usr1AccessList = new ArrayList<AtlasActionTypes>(); - usr1AccessList.add(AtlasActionTypes.READ); - usersMap.put("usr1", usr1AccessList); - - List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>(); - usr2AccessList.add(AtlasActionTypes.READ); - usr2AccessList.add(AtlasActionTypes.WRITE); - usersMap.put("usr2", usr2AccessList); - - // Creating resources data - Map<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>(); - List<String> resource1List = new ArrayList<String>(); - 
resource1List.add("*abc"); - resourceMap.put(AtlasResourceTypes.ENTITY, resource1List); - - List<String> resource2List = new ArrayList<String>(); - resource2List.add("*xyz"); - resourceMap.put(AtlasResourceTypes.OPERATION, resource2List); - - List<String> resource3List = new ArrayList<String>(); - resource3List.add("PII"); - resourceMap.put(AtlasResourceTypes.TYPE, resource3List); - - List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies); - for (PolicyDef def : policyDefs) { - assertEquals(def.getPolicyName(), "hivePolicy"); - assertEquals(def.getGroups(), groupMap); - assertEquals(def.getUsers(), usersMap); - assertEquals(def.getResources(), resourceMap); - } - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java ---------------------------------------------------------------------- diff --git a/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java b/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java deleted file mode 100644 index 59e88c9..0000000 --- a/webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java +++ /dev/null 
@@ -1,95 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.atlas.authorize; - -import static org.junit.Assert.assertEquals; - -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.testng.annotations.Test; - -public class PolicyUtilTest { - - @Test - public void testCreatePermissionMap() { - - HashMap<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>(); - List<String> resource1List = new ArrayList<String>(); - resource1List.add("*abc"); - resourceMap.put(AtlasResourceTypes.ENTITY, resource1List); - - List<String> resource2List = new ArrayList<String>(); - resource2List.add("*xyz"); - resourceMap.put(AtlasResourceTypes.OPERATION, resource2List); - - List<String> resource3List = new ArrayList<String>(); - resource3List.add("PII"); - resourceMap.put(AtlasResourceTypes.TYPE, resource3List); - - Map<String, HashMap<AtlasResourceTypes, List<String>>> permissionMap = - new HashMap<String, HashMap<AtlasResourceTypes, List<String>>>(); - permissionMap.put("grp1", resourceMap); - - List<String> policies = new ArrayList<String>(); - 
policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII"); - List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies); - - Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap = - new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP); - - assertEquals(permissionMap, createdPermissionMap); - - } - - @Test - public void testMergeCreatePermissionMap() { - - HashMap<AtlasResourceTypes, List<String>> resourceMap = new HashMap<AtlasResourceTypes, List<String>>(); - List<String> resource1List = new ArrayList<String>(); - resource1List.add("*abc"); - resourceMap.put(AtlasResourceTypes.ENTITY, resource1List); - - List<String> resource2List = new ArrayList<String>(); - resource2List.add("*x"); - resource2List.add("*xyz"); - resourceMap.put(AtlasResourceTypes.OPERATION, resource2List); - - List<String> resource3List = new ArrayList<String>(); - resource3List.add("PII"); - resourceMap.put(AtlasResourceTypes.TYPE, resource3List); - - Map<String, HashMap<AtlasResourceTypes, List<String>>> permissionMap = - new HashMap<String, HashMap<AtlasResourceTypes, List<String>>>(); - permissionMap.put("grp1", resourceMap); - - List<String> policies = new ArrayList<String>(); - policies.add("hivePolicys;;;;grp1:rwu;;entity:*abc,operation:*xyz,operation:*x"); - policies.add("hivePolicy;;;;grp1:rwu;;entity:*abc,operation:*xyz"); - policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu;;entity:*abc,operation:*xyz"); - policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;entity:*abc,operation:*xyz,type:PII"); - List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies); - - Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap = - new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP); - - assertEquals(permissionMap, createdPermissionMap); - - } -} 
http://git-wip-us.apache.org/repos/asf/incubator-atlas/blob/353ea964/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java b/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
deleted file mode 100644
index 5041e6f..0000000
--- a/webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Map;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.testng.AssertJUnit;
-import org.testng.annotations.Test;
-
-
-public class SimpleAtlasAuthorizerTest {
-
- private static Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizerTest.class);
-
- @Test
- public void testAccessAllowedForUserAndGroup() {
-
- Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
- Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
- List<String> policies = new ArrayList<String>();
- policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:*abc,type:PII");
-
- List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
- PolicyUtil policyUtil = new PolicyUtil();
- // group read map
- groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
- // creating user readMap
- userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
- List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
- resourceType.add(AtlasResourceTypes.TYPE);
- String resource = "xsdfhjabc";
- AtlasActionTypes action = AtlasActionTypes.READ;
- String user = "usr1";
-
- List<String> userGroups = new ArrayList<String>();
- userGroups.add("grp3");
- AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
- SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-
- authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
- try {
- boolean isAccessAllowed = authorizer.isAccessAllowed(request);
- // getUserReadMap
- AssertJUnit.assertEquals(true, isAccessAllowed);
- } catch (AtlasAuthorizationException e) {
- if (LOG.isErrorEnabled()) {
- LOG.error("AtlasAuthorizationException in Unit Test", e);
- }
- }
-
- }
-
- @Test
- public void testAccessAllowedForGroup() {
-
- Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
- Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
- List<String> policies = new ArrayList<String>();
- policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
-
- List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
- PolicyUtil policyUtil = new PolicyUtil();
- // creating group read map
- groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
- // creating user readMap
- userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
- List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
- resourceType.add(AtlasResourceTypes.TYPE);
- String resource = "PII";
- AtlasActionTypes action = AtlasActionTypes.READ;
- String user = "usr3";
- List<String> userGroups = new ArrayList<String>();
- userGroups.add("grp1");
- AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
- SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
- authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
- try {
- boolean isAccessAllowed = authorizer.isAccessAllowed(request);
- AssertJUnit.assertEquals(true, isAccessAllowed);
- } catch (AtlasAuthorizationException e) {
- if (LOG.isErrorEnabled()) {
- LOG.error("AtlasAuthorizationException in Unit Test", e);
- }
-
- }
-
- }
-
- @Test
- public void testResourceNotAvailableInPolicy() {
-
- Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
- Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
- List<String> policies = new ArrayList<String>();
- policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
-
- List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
- PolicyUtil policyUtil = new PolicyUtil();
- // group read map
- groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
- // creating user readMap
- userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
- List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
- resourceType.add(AtlasResourceTypes.TYPE);
- String resource = "abc";
- AtlasActionTypes action = AtlasActionTypes.READ;
- String user = "usr1";
- List<String> userGroups = new ArrayList<String>();
- userGroups.add("grp1");
- AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
- SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
- authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
- try {
- boolean isAccessAllowed = authorizer.isAccessAllowed(request);
- AssertJUnit.assertEquals(false, isAccessAllowed);
- } catch (AtlasAuthorizationException e) {
- if (LOG.isErrorEnabled()) {
- LOG.error("AtlasAuthorizationException in Unit Test", e);
- }
- }
-
- }
-
- @Test
- public void testAccessNotAllowedForUserAndGroup() {
-
- Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap = null;
- Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap = null;
- List<String> policies = new ArrayList<String>();
- policies.add("hivePolicy;;usr1:r,usr2:rw;;grp1:rwu,grp2:u;;type:PII");
-
- List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
- PolicyUtil policyUtil = new PolicyUtil();
- // group read map
- groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
- // creating user readMap
- userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
-
- List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
- resourceType.add(AtlasResourceTypes.TYPE);
- String resource = "PII";
- AtlasActionTypes action = AtlasActionTypes.READ;
- String user = "usr3";
- List<String> userGroups = new ArrayList<String>();
- userGroups.add("grp3");
- AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
- SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
- authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
- try {
- boolean isAccessAllowed = authorizer.isAccessAllowed(request);
- AssertJUnit.assertEquals(false, isAccessAllowed);
- } catch (AtlasAuthorizationException e) {
- if (LOG.isErrorEnabled()) {
- LOG.error("AtlasAuthorizationException in Unit Test", e);
- }
- }
-
- }
-
-}
