/**
 * Creates a configuration whose authorization validator is a
 * {@link DefaultAuthorizationValidator} driven by a {@link DataRolePolicyDecider}.
 *
 * <p>The decider is installed exactly as its no-arg constructor leaves it; none of its
 * "by default" switches are set here.
 * NOTE(review): those defaults are not visible in this snippet. Confirm they match the
 * access policy expected of an embedded deployment.
 */
public EmbeddedConfiguration() {
    DefaultAuthorizationValidator validator = new DefaultAuthorizationValidator();
    // Data-role policies are the source of every allow/deny decision made by the validator.
    validator.setPolicyDecider(new DataRolePolicyDecider());
    setAuthorizationValidator(validator);
}
/**
 * Decides whether temporary-table access is permitted.
 *
 * <p>When {@code resource} is non-null the decision is delegated to
 * {@code getInaccessibleResources} for that single resource, and access is granted only
 * if nothing comes back as inaccessible. When {@code resource} is null the allowed data
 * policies of the command context are inspected instead ({@code action} and
 * {@code context} are not used on that path):
 * <ul>
 *   <li>a policy with grant-all, or one that explicitly allows temporary-table creation,
 *       grants access immediately;</li>
 *   <li>otherwise, if at least one policy explicitly disallows it, access is denied;</li>
 *   <li>otherwise {@code allowCreateTemporaryTablesByDefault} decides.</li>
 * </ul>
 *
 * <p>The evaluation is permissive: one granting policy outweighs any number of denying
 * policies, independent of iteration order.
 *
 * @param action permission being checked; forwarded to {@code getInaccessibleResources}
 * @param resource resource name, or null to evaluate the policy-level setting
 * @param context forwarded to {@code getInaccessibleResources}
 * @param commandContext supplies the allowed data policies
 * @return true if access is permitted
 */
@Override
public boolean isTempAccessible(PermissionType action, String resource, Context context,
        CommandContext commandContext) {
    if (resource == null) {
        // Only ever flips to true: an explicit "allow" returns straight away below.
        boolean explicitlyDenied = false;
        for (DataPolicy candidate : commandContext.getAllowedDataPolicies().values()) {
            DataPolicyMetadata metadata = (DataPolicyMetadata) candidate;
            if (metadata.isGrantAll()) {
                return true;
            }
            Boolean allowTemp = metadata.isAllowCreateTemporaryTables();
            if (allowTemp == null) {
                // This policy expresses no preference; keep looking.
                continue;
            }
            if (allowTemp) {
                return true;
            }
            explicitlyDenied = true;
        }
        if (explicitlyDenied) {
            return false;
        }
        return allowCreateTemporaryTablesByDefault;
    }
    HashSet<String> requested = new HashSet<String>(Arrays.asList(resource));
    return getInaccessibleResources(action, requested, context, commandContext).isEmpty();
}
/**
 * Exercises access validation on a {@code Request} (the method invoked is
 * {@code Request.validateAccess()}).
 * The stated goal is that validation can be called both before and after metadata is
 * initialized; the sequence below calls it after {@code initMetadata()}.
 * See defect 17209.
 *
 * <p>The policy decider is configured with temporary tables and function calls both
 * allowed by default, and the test contains no assertions: it passes when no exception
 * is thrown, so it does not cover a denied request.
 *
 * @throws Exception if parsing, resolving, initialization or validation fails
 * @since 4.2
 */
@Test
public void testValidateEntitlement() throws Exception {
    QueryMetadataInterface queryMetadata = RealMetadataFactory.example1Cached();
    Request underTest = new Request();

    Command parsed = QueryParser.getQueryParser().parseCommand(QUERY);
    QueryResolver.resolveCommand(parsed, queryMetadata);

    RequestMessage requestMessage = new RequestMessage();
    DQPWorkContext dqpContext =
            RealMetadataFactory.buildWorkContext(queryMetadata, RealMetadataFactory.example1VDB());

    underTest.initialize(
            requestMessage,
            BufferManagerFactory.getStandaloneBufferManager(),
            null,
            new FakeTransactionService(),
            TEMP_TABLE_STORE,
            dqpContext,
            null);
    underTest.initMetadata();

    DefaultAuthorizationValidator validator = new DefaultAuthorizationValidator();
    DataRolePolicyDecider decider = new DataRolePolicyDecider();
    // Permissive defaults: anything not covered by a data policy is allowed.
    decider.setAllowCreateTemporaryTablesByDefault(true);
    decider.setAllowFunctionCallsByDefault(true);
    validator.setPolicyDecider(decider);
    underTest.setAuthorizationValidator(validator);

    underTest.validateAccess(new String[] {QUERY}, parsed, CommandType.USER);
}
/**
 * Registers the given roles on the VDB and on {@code this.context}, then returns a new
 * {@link DataRolePolicyDecider} with function calls denied by default.
 *
 * <p>Side effects: attaches {@code metadata} to {@code vdb}, replaces the VDB's data
 * policies, and sets the policies, VDB and metadata on {@code this.context}.
 *
 * @param metadata query metadata attached to the VDB and set on the context
 * @param vdb VDB that receives the metadata attachment and the data policies
 * @param roles data policies to register; they are keyed by name, so a role whose name
 *     repeats an earlier one replaces it
 * @return a decider with {@code allowFunctionCallsByDefault} set to false
 */
private DataRolePolicyDecider createPolicyDecider(QueryMetadataInterface metadata,
        VDBMetaData vdb, DataPolicyMetadata... roles) {
    vdb.addAttchment(QueryMetadataInterface.class, metadata);

    HashMap<String, DataPolicy> byName = new HashMap<String, DataPolicy>();
    for (int i = 0; i < roles.length; i++) {
        DataPolicyMetadata role = roles[i];
        byName.put(role.getName(), role);
    }

    // The VDB gets a copy of the values; the work context gets the name-keyed map itself.
    ArrayList<DataPolicy> vdbPolicies = new ArrayList<DataPolicy>(byName.values());
    vdb.setDataPolicies(vdbPolicies);
    this.context.getDQPWorkContext().setPolicies(byName);
    this.context.getSession().setVdb(vdb);
    this.context.setMetadata(metadata);

    DataRolePolicyDecider decider = new DataRolePolicyDecider();
    // Deny by default: a function call needs a policy that permits it.
    decider.setAllowFunctionCallsByDefault(false);
    return decider;
}
/**
 * Decides whether temporary-table access is permitted.
 *
 * <p>When {@code resource} is non-null the decision is delegated to
 * {@code getInaccessibleResources} for that single resource, and access is granted only
 * if nothing comes back as inaccessible. When {@code resource} is null the allowed data
 * policies of the command context are inspected instead ({@code action} and
 * {@code context} are not used on that path):
 * <ul>
 *   <li>a policy with grant-all, or one that explicitly allows temporary-table creation,
 *       grants access immediately;</li>
 *   <li>otherwise, if at least one policy explicitly disallows it, access is denied;</li>
 *   <li>otherwise {@code allowCreateTemporaryTablesByDefault} decides.</li>
 * </ul>
 *
 * <p>The evaluation is permissive: one granting policy outweighs any number of denying
 * policies, independent of iteration order.
 *
 * @param action permission being checked; forwarded to {@code getInaccessibleResources}
 * @param resource resource name, or null to evaluate the policy-level setting
 * @param context forwarded to {@code getInaccessibleResources}
 * @param commandContext supplies the allowed data policies
 * @return true if access is permitted
 */
@Override
public boolean isTempAccessible(PermissionType action, String resource, Context context,
        CommandContext commandContext) {
    if (resource == null) {
        // Only ever flips to true: an explicit "allow" returns straight away below.
        boolean explicitlyDenied = false;
        for (DataPolicy candidate : commandContext.getAllowedDataPolicies().values()) {
            DataPolicyMetadata metadata = (DataPolicyMetadata) candidate;
            if (metadata.isGrantAll()) {
                return true;
            }
            Boolean allowTemp = metadata.isAllowCreateTemporaryTables();
            if (allowTemp == null) {
                // This policy expresses no preference; keep looking.
                continue;
            }
            if (allowTemp) {
                return true;
            }
            explicitlyDenied = true;
        }
        if (explicitlyDenied) {
            return false;
        }
        return allowCreateTemporaryTablesByDefault;
    }
    HashSet<String> requested = new HashSet<String>(Arrays.asList(resource));
    return getInaccessibleResources(action, requested, context, commandContext).isEmpty();
}
config.setUserRequestSourceConcurrency(2);
// Authorization wiring: a DefaultAuthorizationValidator whose decisions come from a
// DataRolePolicyDecider. No "by default" setters are called on the decider in this
// excerpt, so it runs with whatever its constructor sets.
// NOTE(review): those defaults are not visible here. Confirm they are the intended ones.
DefaultAuthorizationValidator daa = new DefaultAuthorizationValidator();
daa.setPolicyDecider(new DataRolePolicyDecider());
// The validator is attached to the config before the core is started with it.
config.setAuthorizationValidator(daa);
core.start(config);
/**
 * Decides whether temporary-table access is permitted.
 *
 * <p>When {@code resource} is non-null the decision is delegated to
 * {@code getInaccessibleResources} for that single resource, and access is granted only
 * if nothing comes back as inaccessible. When {@code resource} is null the allowed data
 * policies of the command context are inspected instead ({@code action} and
 * {@code context} are not used on that path):
 * <ul>
 *   <li>a policy with grant-all, or one that explicitly allows temporary-table creation,
 *       grants access immediately;</li>
 *   <li>otherwise, if at least one policy explicitly disallows it, access is denied;</li>
 *   <li>otherwise {@code allowCreateTemporaryTablesByDefault} decides.</li>
 * </ul>
 *
 * <p>The evaluation is permissive: one granting policy outweighs any number of denying
 * policies, independent of iteration order.
 *
 * @param action permission being checked; forwarded to {@code getInaccessibleResources}
 * @param resource resource name, or null to evaluate the policy-level setting
 * @param context forwarded to {@code getInaccessibleResources}
 * @param commandContext supplies the allowed data policies
 * @return true if access is permitted
 */
@Override
public boolean isTempAccessible(PermissionType action, String resource, Context context,
        CommandContext commandContext) {
    if (resource == null) {
        // Only ever flips to true: an explicit "allow" returns straight away below.
        boolean explicitlyDenied = false;
        for (DataPolicy candidate : commandContext.getAllowedDataPolicies().values()) {
            DataPolicyMetadata metadata = (DataPolicyMetadata) candidate;
            if (metadata.isGrantAll()) {
                return true;
            }
            Boolean allowTemp = metadata.isAllowCreateTemporaryTables();
            if (allowTemp == null) {
                // This policy expresses no preference; keep looking.
                continue;
            }
            if (allowTemp) {
                return true;
            }
            explicitlyDenied = true;
        }
        if (explicitlyDenied) {
            return false;
        }
        return allowCreateTemporaryTablesByDefault;
    }
    HashSet<String> requested = new HashSet<String>(Arrays.asList(resource));
    return getInaccessibleResources(action, requested, context, commandContext).isEmpty();
}