org.apache.sentry.policy.indexer.IndexerWildcardPrivilege.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.apache.sentry.policy.indexer.IndexerWildcardPrivilege.java

Introduction

Here is the source code for org.apache.sentry.policy.indexer.IndexerWildcardPrivilege.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

// copied from apache shiro

package org.apache.sentry.policy.indexer;

import java.util.List;

import org.apache.sentry.core.model.indexer.IndexerConstants;
import org.apache.sentry.policy.common.Privilege;
import org.apache.sentry.policy.common.PrivilegeFactory;
import org.apache.sentry.provider.common.KeyValue;
import org.apache.sentry.provider.common.ProviderConstants;

import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;

public class IndexerWildcardPrivilege implements Privilege {

    private final ImmutableList<KeyValue> parts;

    public IndexerWildcardPrivilege(String wildcardString) {
        wildcardString = Strings.nullToEmpty(wildcardString).trim();
        if (wildcardString.isEmpty()) {
            throw new IllegalArgumentException("Wildcard string cannot be null or empty.");
        }
        List<KeyValue> parts = Lists.newArrayList();
        for (String authorizable : ProviderConstants.AUTHORIZABLE_SPLITTER.trimResults().split(wildcardString)) {
            if (authorizable.isEmpty()) {
                throw new IllegalArgumentException("Privilege '" + wildcardString + "' has an empty section");
            }
            parts.add(new KeyValue(authorizable));
        }
        if (parts.isEmpty()) {
            throw new AssertionError("Should never occur: " + wildcardString);
        }
        this.parts = ImmutableList.copyOf(parts);
    }

    @Override
    public boolean implies(Privilege p) {
        // By default only supports comparisons with other IndexerWildcardPermissions
        if (!(p instanceof IndexerWildcardPrivilege)) {
            return false;
        }

        IndexerWildcardPrivilege wp = (IndexerWildcardPrivilege) p;

        List<KeyValue> otherParts = wp.parts;
        if (equals(wp)) {
            return true;
        }
        int index = 0;
        for (KeyValue otherPart : otherParts) {
            // If this privilege has less parts than the other privilege, everything
            // after the number of parts contained
            // in this privilege is automatically implied, so return true
            if (parts.size() - 1 < index) {
                return true;
            } else {
                KeyValue part = parts.get(index);
                // are the keys even equal
                if (!part.getKey().equalsIgnoreCase(otherPart.getKey())) {
                    return false;
                }
                if (!impliesKeyValue(part, otherPart)) {
                    return false;
                }
                index++;
            }
        }
        // If this privilege has more parts than
        // the other parts, only imply it if
        // all of the other parts are wildcards
        for (; index < parts.size(); index++) {
            KeyValue part = parts.get(index);
            if (!part.getValue().equals(IndexerConstants.ALL)) {
                return false;
            }
        }

        return true;
    }

    private boolean impliesKeyValue(KeyValue policyPart, KeyValue requestPart) {
        Preconditions.checkState(policyPart.getKey().equalsIgnoreCase(requestPart.getKey()),
                "Please report, this method should not be called with two different keys");
        if (policyPart.getValue().equals(IndexerConstants.ALL) || policyPart.equals(requestPart)) {
            return true;
        } else if (!ProviderConstants.PRIVILEGE_NAME.equalsIgnoreCase(policyPart.getKey())
                && IndexerConstants.ALL.equalsIgnoreCase(requestPart.getValue())) {
            /* privilege request is to match with any object of given type */
            return true;
        }
        return false;
    }

    @Override
    public String toString() {
        return ProviderConstants.AUTHORIZABLE_JOINER.join(parts);
    }

    @Override
    public boolean equals(Object o) {
        if (o instanceof IndexerWildcardPrivilege) {
            IndexerWildcardPrivilege wp = (IndexerWildcardPrivilege) o;
            return parts.equals(wp.parts);
        }
        return false;
    }

    @Override
    public int hashCode() {
        return parts.hashCode();
    }

    public static class IndexerWildcardPrivilegeFactory implements PrivilegeFactory {
        @Override
        public Privilege createPrivilege(String privilege) {
            return new IndexerWildcardPrivilege(privilege);
        }
    }
}