Tabnine Logo
ActiveRoleSet
Code IndexAdd Tabnine to your IDE (free)

How to use
ActiveRoleSet
in
org.apache.sentry.core.common

Best Java code snippets using org.apache.sentry.core.common.ActiveRoleSet (Showing top 20 results out of 315)

origin: apache/incubator-sentry

private static ActiveRoleSet parseActiveRoleSet(String name,
  Set<TSentryRole> allowedRoles) throws SentryUserException {
 // if unset, then we choose the default of ALL
 if (name.isEmpty()) {
  return ActiveRoleSet.ALL;
 } else if (AccessConstants.NONE_ROLE.equalsIgnoreCase(name)) {
  return new ActiveRoleSet(new HashSet<String>());
 } else if (AccessConstants.ALL_ROLE.equalsIgnoreCase(name)) {
  return ActiveRoleSet.ALL;
 } else if (AccessConstants.RESERVED_ROLE_NAMES.contains(name.toUpperCase())) {
  String msg = "Role " + name + " is reserved";
  throw new IllegalArgumentException(msg);
 } else {
  if (allowedRoles != null) {
   // check if the user has been granted the role
   boolean foundRole = false;
   for (TSentryRole role : allowedRoles) {
    if (role.getRoleName().equalsIgnoreCase(name)) {
     foundRole = true;
     break;
    }
   }
   if (!foundRole) {
    //Set the reason for hive binding to pick up
    throw new SentryUserException("Not authorized to set role " + name, "Not authorized to set role " + name);
   }
  }
  return new ActiveRoleSet(Sets.newHashSet(ROLE_SET_SPLITTER.split(name)));
 }
}
origin: apache/incubator-sentry

  roles.add(tRole.getRoleName());
 return ImmutableSet.copyOf(roleSet.isAll() ? roles : Sets.intersection(roles, roleSet.getRoles()));
} catch (SentryUserException e) {
 String msg = "Unable to obtain roles from server: " + e.getMessage();
origin: apache/incubator-sentry

/**
 * {@inheritDoc}
 */
@Override
public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizableHierarchy) {
 if (!initialized) {
  throw new IllegalStateException("Backend has not been properly initialized");
 }
 ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
 for (String groupName : groups) {
  for (Map.Entry<String, Set<String>> row : groupRolePrivilegeTable.row(groupName)
    .entrySet()) {
   if (roleSet.containsRole(row.getKey())) {
    resultBuilder.addAll(row.getValue());
   }
  }
 }
 return resultBuilder.build();
}
origin: apache/incubator-sentry

public synchronized Set<String> listPrivilegesForProvider(Set<String> groups, ActiveRoleSet roleSet, Authorizable... authorizable)
throws SentryUserException {
 TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
 TListSentryPrivilegesForProviderRequest request =
   new TListSentryPrivilegesForProviderRequest(ThriftConstants.
     TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet);
 if (authorizable != null && authorizable.length > 0) {
  TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists
    .newArrayList(authorizable));
  request.setAuthorizableHierarchy(tSentryAuthorizable);
 }
 try {
  TListSentryPrivilegesForProviderResponse response = client.list_sentry_privileges_for_provider(request);
  Status.throwIfNotOk(response.getStatus());
  return response.getPrivileges();
 } catch (TException e) {
  throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
 }
}
origin: apache/sentry

private static ActiveRoleSet parseActiveRoleSet(String name,
  Set<TSentryRole> allowedRoles) throws SentryUserException {
 // if unset, then we choose the default of ALL
 if (name.isEmpty()) {
  return ActiveRoleSet.ALL;
 } else if (AccessConstants.NONE_ROLE.equalsIgnoreCase(name)) {
  return new ActiveRoleSet(new HashSet<String>());
 } else if (AccessConstants.ALL_ROLE.equalsIgnoreCase(name)) {
  return ActiveRoleSet.ALL;
 } else if (AccessConstants.RESERVED_ROLE_NAMES.contains(name.toUpperCase())) {
  String msg = "Role " + name + " is reserved";
  throw new IllegalArgumentException(msg);
 } else {
  if (allowedRoles != null) {
   // check if the user has been granted the role
   boolean foundRole = false;
   for (TSentryRole role : allowedRoles) {
    if (role.getRoleName().equalsIgnoreCase(name)) {
     foundRole = true;
     break;
    }
   }
   if (!foundRole) {
    //Set the reason for hive binding to pick up
    throw new SentryUserException("Not authorized to set role " + name, "Not authorized to set role " + name);
   }
  }
  return new ActiveRoleSet(Sets.newHashSet(ROLE_SET_SPLITTER.split(name)));
 }
}
origin: apache/sentry

public ImmutableSet<String> getPrivileges(Set<String> groups, ActiveRoleSet roleSet,
                     Authorizable... authorizableHierarchy) {
 if (!initialized) {
  throw new IllegalStateException("CacheProvider has not been properly initialized");
 }
 ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
 for (String groupName : groups) {
  for (Map.Entry<String, Set<String>> row : cache.getCache().row(groupName).entrySet()) {
   if (roleSet.containsRole(row.getKey())) {
    // TODO: SENTRY-1245: Filter by Authorizables, if provided
    resultBuilder.addAll(row.getValue());
   }
  }
 }
 return resultBuilder.build();
}
origin: apache/incubator-sentry

public synchronized Map<TSentryAuthorizable, TSentryPrivilegeMap> listPrivilegsbyAuthorizable(
  String requestorUserName,
  Set<List<? extends Authorizable>> authorizables, Set<String> groups,
  ActiveRoleSet roleSet) throws SentryUserException {
 Set<TSentryAuthorizable> authSet = Sets.newTreeSet();
 for (List<? extends Authorizable> authorizableHierarchy : authorizables) {
  authSet.add(setupSentryAuthorizable(authorizableHierarchy));
 }
 TListSentryPrivilegesByAuthRequest request = new TListSentryPrivilegesByAuthRequest(
   ThriftConstants.TSENTRY_SERVICE_VERSION_CURRENT, requestorUserName,
   authSet);
 if (groups != null) {
  request.setGroups(groups);
 }
 if (roleSet != null) {
  request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
 }
 try {
  TListSentryPrivilegesByAuthResponse response = client
    .list_sentry_privileges_by_authorizable(request);
  Status.throwIfNotOk(response.getStatus());
  return response.getPrivilegesMapByAuth();
 } catch (TException e) {
  throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
 }
}
origin: apache/incubator-sentry

  null, new ActiveRoleSet(true));
assertEquals(expectedResults, authPrivMap);
  userGroupNames1, new ActiveRoleSet(true));
assertEquals(expectedResults, authPrivMap);
  null, new ActiveRoleSet(Sets.newHashSet(roleName1.toUpperCase())));
assertEquals(expectedResults, authPrivMap);
ActiveRoleSet roleSet2 = new ActiveRoleSet(Sets.newHashSet(roleName2));
try {
 client.listPrivilegsbyAuthorizable(user1, authorizableSet, null, roleSet2);
origin: apache/incubator-sentry

/**
 * {@inheritDoc}
 */
@Override
public ImmutableSet<String> getRoles(Set<String> groups, ActiveRoleSet roleSet) {
 if (!initialized) {
  throw new IllegalStateException("Backend has not been properly initialized");
 }
 ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
 if (groups != null) {
  for (String groupName : groups) {
   for (Map.Entry<String, Set<String>> row : groupRolePrivilegeTable.row(groupName)
     .entrySet()) {
    if (roleSet.containsRole(row.getKey())) {
     resultBuilder.add(row.getKey());
    }
   }
  }
 }
 return resultBuilder.build();
}
origin: apache/sentry

@Override
public Set<String> listPrivilegesForProvider
 (Set<String> groups, Set<String> users,
  ActiveRoleSet roleSet, Authorizable... authorizable) throws SentryUserException {
 TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
 TListSentryPrivilegesForProviderRequest request =
  new TListSentryPrivilegesForProviderRequest(ThriftConstants.
   TSENTRY_SERVICE_VERSION_CURRENT, groups, thriftRoleSet);
 if (authorizable != null && authorizable.length > 0) {
  TSentryAuthorizable tSentryAuthorizable = setupSentryAuthorizable(Lists
   .newArrayList(authorizable));
  request.setAuthorizableHierarchy(tSentryAuthorizable);
 }
 if (users != null) {
  request.setUsers(users);
 }
 try {
  TListSentryPrivilegesForProviderResponse response = client.list_sentry_privileges_for_provider(request);
  Status.throwIfNotOk(response.getStatus());
  return response.getPrivileges();
 } catch (TException e) {
  throw new SentryUserException(THRIFT_EXCEPTION_MESSAGE, e);
 }
}
origin: apache/sentry

  null, new ActiveRoleSet(true));
assertEquals(expectedResults, authPrivMap);
  userGroupNames1, new ActiveRoleSet(true));
assertEquals(expectedResults, authPrivMap);
  null, new ActiveRoleSet(Sets.newHashSet(roleName1.toUpperCase())));
assertEquals(expectedResults, authPrivMap);
ActiveRoleSet roleSet2 = new ActiveRoleSet(Sets.newHashSet(roleName2));
try {
 client.listPrivilegesbyAuthorizable(user1, authorizableSet, null, roleSet2);
origin: apache/sentry

 public ImmutableSet<String> getRoles(Set<String> groups, ActiveRoleSet roleSet) {
  if (!initialized) {
   throw new IllegalStateException("CacheProvider has not been properly initialized");
  }
  ImmutableSet.Builder<String> resultBuilder = ImmutableSet.builder();
  if (groups != null) {
   for (String groupName : groups) {
    for (Map.Entry<String, Set<String>> row : cache.getCache().row(groupName)
      .entrySet()) {
     if (roleSet.containsRole(row.getKey())) {
      resultBuilder.add(row.getKey());
     }
    }
   }
  }
  return resultBuilder.build();
 }
}
origin: apache/sentry

request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
origin: apache/sentry

  null, new ActiveRoleSet(testRoleSet));
assertEquals(expectedResults, authPrivMap);
  testGroupSet, new ActiveRoleSet(testRoleSet));
assertEquals(expectedResults, authPrivMap);
origin: apache/incubator-sentry

 String serviceName, ActiveRoleSet roleSet, Set<String> groups,
 List<? extends Authorizable> authorizables) throws SentryUserException {
TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest();
request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
origin: apache/incubator-sentry

  null, new ActiveRoleSet(testRoleSet));
assertEquals(expectedResults, authPrivMap);
  testGroupSet, new ActiveRoleSet(testRoleSet));
assertEquals(expectedResults, authPrivMap);
origin: apache/incubator-sentry

request.setRoleSet(new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles()));
origin: apache/sentry

assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider);
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider);
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), null, new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider);
origin: apache/sentry

                      String serviceName, ActiveRoleSet roleSet, Set<String> groups,
                      List<? extends Authorizable> authorizables) throws SentryUserException {
TSentryActiveRoleSet thriftRoleSet = new TSentryActiveRoleSet(roleSet.isAll(), roleSet.getRoles());
TListSentryPrivilegesForProviderRequest request = new TListSentryPrivilegesForProviderRequest();
request.setProtocol_version(sentry_common_serviceConstants.TSENTRY_SERVICE_V2);
origin: apache/incubator-sentry

assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=server->db=db3->table=table5->action=all"), listPrivilegesForProvider);
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server"), new Database("db3"));
assertEquals("Privilege not correctly assigned to roles !!", Sets.newHashSet("server=+"), listPrivilegesForProvider);
listPrivilegesForProvider = client.listPrivilegesForProvider(Sets.newHashSet(group1, group2), new ActiveRoleSet(Sets.newHashSet(roleName1)), new Server("server1"));
assertEquals("Privilege not correctly assigned to roles !!", new HashSet<String>(), listPrivilegesForProvider);
org.apache.sentry.core.commonActiveRoleSet

Javadoc

Some authorization schemes allow users to select a particular set of roles they want active at any give time. For example, SQL systems often all ALL, NONE, or a subset of roles.

Most used methods

  • <init>
  • getRoles
  • isAll
  • containsRole
    Returns true if this active role set contains role. This can be the result of either this role set i

Popular in Java

  • Creating JSON documents from java classes using gson
  • getApplicationContext (Context)
  • addToBackStack (FragmentTransaction)
  • getResourceAsStream (ClassLoader)
  • System (java.lang)
    Provides access to system-related information and resources including standard input and output. Ena
  • Connection (java.sql)
    A connection represents a link from a Java application to a database. All SQL statements and results
  • MessageFormat (java.text)
    Produces concatenated messages in language-neutral way. New code should probably use java.util.Forma
  • ArrayList (java.util)
    ArrayList is an implementation of List, backed by an array. All optional operations including adding
  • Base64 (org.apache.commons.codec.binary)
    Provides Base64 encoding and decoding as defined by RFC 2045.This class implements section 6.8. Base
  • Project (org.apache.tools.ant)
    Central representation of an Ant project. This class defines an Ant project with all of its targets,
  • Best plugins for Eclipse
Tabnine Logo

  • Products

    Search for Java codeSearch for JavaScript code

  • IDE Plugins

    IntelliJ IDEAWebStormVisual StudioAndroid StudioEclipseVisual Studio CodePyCharmSublime TextPhpStormVimGoLandRubyMineEmacsJupyter NotebookJupyter LabRiderDataGripAppCode

  • Company

    About UsContact UsCareers

  • Resources

    FAQBlogTabnine AcademyTerms of usePrivacy policyJava Code IndexJavascript Code Index
Get Tabnine for your IDE now