/**
 * Decides whether one key/value part of a policy privilege covers the matching part of a request.
 * Both parts must carry the same key (compared ignoring case); anything else is a caller bug and
 * fails the state check.
 *
 * @param policyPart the key/value taken from the granted privilege
 * @param requestPart the key/value taken from the requested privilege
 * @return true when the policy value is {@code IndexerConstants.ALL}, when the two parts are
 *         equal, or when the key is not the privilege key and the request value is
 *         {@code IndexerConstants.ALL}; false otherwise
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  final boolean sameKey = policyPart.getKey().equalsIgnoreCase(requestPart.getKey());
  Preconditions.checkState(sameKey,
      "Please report, this method should not be called with two different keys");

  // Policy-side wildcard. This comparison is case-sensitive, unlike the request-side one below.
  // NOTE(review): confirm the difference in case handling is intended.
  if (policyPart.getValue().equals(IndexerConstants.ALL)) {
    return true;
  }
  if (policyPart.equals(requestPart)) {
    return true;
  }

  // Request-side wildcard: the request asks to match any object of the given type. This returns
  // true whatever the policy value is, so it is deliberately not applied to the privilege key.
  // NOTE(review): correctness of this branch depends on the request value never being taken
  // verbatim from an untrusted object name — verify against the callers.
  final boolean isPrivilegeKey =
      PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey());
  return !isPrivilegeKey && IndexerConstants.ALL.equalsIgnoreCase(requestPart.getValue());
}
/**
 * Checks a single policy key/value against the request key/value that has the same key.
 * The keys are compared ignoring case; a mismatch is treated as a programming error.
 *
 * @param policyPart the key/value from the granted privilege
 * @param requestPart the key/value from the requested privilege
 * @return true if the policy value equals {@code SearchConstants.ALL}, if both parts are equal,
 *         or if the key is not the privilege key and the request value is
 *         {@code SearchConstants.ALL} (ignoring case); false in every other case
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  Preconditions.checkState(
      policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
      "Please report, this method should not be called with two different keys");

  final boolean grantedByPolicy =
      policyPart.getValue().equals(SearchConstants.ALL) || policyPart.equals(requestPart);
  if (grantedByPolicy) {
    return true;
  }

  // Only reached when the policy did not grant the part by itself. For any key other than the
  // privilege key, a request value of ALL means "match any object of the given type" and is
  // accepted without looking at the policy value.
  // NOTE(review): the policy-side ALL test above is case-sensitive while this one is not —
  // confirm that is intended.
  if (PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())) {
    return false;
  }
  return SearchConstants.ALL.equalsIgnoreCase(requestPart.getValue());
}
/**
 * Tests whether a policy key/value covers the request key/value with the same key.
 * A key mismatch (ignoring case) fails the state check.
 *
 * @param policyPart the key/value from the granted privilege
 * @param requestPart the key/value from the requested privilege
 * @return true if the policy value is {@code SqoopActionConstant.ALL} or
 *         {@code SqoopActionConstant.ALL_NAME} (ignoring case), if both parts are equal, or if
 *         the key is not {@code SqoopActionConstant.NAME} and the request value is
 *         {@code SqoopActionConstant.ALL}; false otherwise
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  final boolean sameKey = policyPart.getKey().equalsIgnoreCase(requestPart.getKey());
  Preconditions.checkState(sameKey,
      "Please report, this method should not be called with two different keys");

  // Policy-side wildcard, accepted in either of its two spellings.
  if (policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL)) {
    return true;
  }
  if (policyPart.getValue().equalsIgnoreCase(SqoopActionConstant.ALL_NAME)) {
    return true;
  }
  if (policyPart.equals(requestPart)) {
    return true;
  }

  // Request-side wildcard: the request is to match any object of the given type. It is honoured
  // for every key except SqoopActionConstant.NAME and does not consult the policy value.
  // NOTE(review): only ALL is accepted on the request side, not ALL_NAME — confirm intended.
  final boolean isNameKey = SqoopActionConstant.NAME.equalsIgnoreCase(policyPart.getKey());
  return !isNameKey && SqoopActionConstant.ALL.equalsIgnoreCase(requestPart.getValue());
}
}
/**
 * Decides whether a policy key/value covers the request key/value carrying the same key.
 * The keys are compared ignoring case and a mismatch fails the state check.
 *
 * @param policyPart the key/value from the granted privilege
 * @param requestPart the key/value from the requested privilege
 * @return true if {@code hasHostWidCard(policyPart)} holds; for the action key, true if the
 *         policy value is {@code KafkaActionConstant.ALL} (ignoring case) or both parts are
 *         equal; for any other key, true only if the two values are equal (case-sensitive)
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  Preconditions.checkState(
      policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
      "Please report, this method should not be called with two different keys");

  // Host is a special resource that Kafka itself does not declare as one. Each Kafka resource
  // can be authorized based on the host the request came from, so Sentry models host as a
  // resource. Kafka accepts '*' as the wildcard for all hosts, but '*' is not a valid action.
  // NOTE(review): this check runs before the key is examined and a true result skips every
  // other comparison; presumably hasHostWidCard tests the key as well as the value — confirm.
  if (hasHostWidCard(policyPart)) {
    return true;
  }

  final boolean isAction =
      KafkaActionConstant.actionName.equalsIgnoreCase(policyPart.getKey());
  if (!isAction) {
    // Resources other than the action are matched on their exact value; no wildcard applies.
    return policyPart.getValue().equals(requestPart.getValue());
  }

  // Action: the policy either grants ALL or must equal the requested action.
  if (policyPart.getValue().equalsIgnoreCase(KafkaActionConstant.ALL)) {
    return true;
  }
  return policyPart.equals(requestPart);
}
/**
 * Checks that a policy part implies the request part when both carry the same key.
 * The keys of {@code policyPart} and {@code requestPart} are expected to match (ignoring case);
 * the state check fails with a "Privilege Key Mismatch" message when they do not.
 *
 * @param policyPart the policy part
 * @param requestPart the request part
 * @return true if either
 *         - the key is the action key and the policy value is {@code ActionConstant.ALL}; or
 *         - the policy part equals the request part;
 *         false otherwise.
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  final boolean keysMatch = policyPart.getKey().equalsIgnoreCase(requestPart.getKey());
  // NOTE(review): the message is formatted on every call, including when the keys match.
  final String mismatchMessage = String.format(
      "Privilege Key Mismatch: Key %s and %s does not match.",
      policyPart.getKey(), requestPart.getKey());
  Preconditions.checkState(keysMatch, mismatchMessage);

  // The ALL wildcard is honoured for the action key only; every other key, and every other
  // action value, has to be equal to the request part.
  final boolean isActionKey =
      ActionConstant.ACTION_NAME.equalsIgnoreCase(policyPart.getKey());
  final boolean grantsAllActions =
      isActionKey && policyPart.getValue().equalsIgnoreCase(ActionConstant.ALL);
  return grantsAllActions || policyPart.equals(requestPart);
}
}
/**
 * Decides whether a policy key/value covers the request key/value that has the same key.
 * The keys are compared ignoring case and a mismatch fails the state check.
 *
 * @param policyPart the key/value from the granted privilege
 * @param requestPart the key/value from the requested privilege
 * @return true if the policy value equals {@code AccessConstants.ALL} or is "ALL" in any case;
 *         true if the key is not the privilege key and the request value is
 *         {@code AccessConstants.ALL} or {@code AccessConstants.SOME}; for the URI key, the
 *         result of {@code impliesURI} on the two values; otherwise whether the parts are equal
 */
private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
  final boolean sameKey = policyPart.getKey().equalsIgnoreCase(requestPart.getKey());
  Preconditions.checkState(sameKey,
      "Please report, this method should not be called with two different keys");

  // Policy-side wildcard: the constant is compared exactly, the literal "ALL" ignoring case.
  if (policyPart.getValue().equals(AccessConstants.ALL)) {
    return true;
  }
  if (policyPart.getValue().equalsIgnoreCase("ALL")) {
    return true;
  }

  // Request-side wildcards: for any key other than the privilege key, a request value of ALL or
  // SOME is a request to match any object of the given type, and is accepted without comparing
  // it to the policy value.
  // NOTE(review): these two branches are only sound if the request value cannot be supplied
  // verbatim from an untrusted object name — verify against the callers.
  final boolean isPrivilegeKey =
      PolicyConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey());
  if (!isPrivilegeKey) {
    if (AccessConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
      return true;
    }
    if (AccessConstants.SOME.equalsIgnoreCase(requestPart.getValue())) {
      return true;
    }
  }

  // URIs are not compared for equality; the decision is delegated to impliesURI.
  if (policyPart.getKey().equalsIgnoreCase(AuthorizableType.URI.name())) {
    return impliesURI(policyPart.getValue(), requestPart.getValue());
  }
  return policyPart.equals(requestPart);
}