ATLAS-495 Atlas Ranger Authorization Plugin (nixonrodrigues via shwethags)

authorization/pom.xml

+<?xml version="1.0"?>
+<!--
+  ~ Licensed to the Apache Software Foundation (ASF) under one
+  ~ or more contributor license agreements.  See the NOTICE file
+  ~ distributed with this work for additional information
+  ~ regarding copyright ownership.  The ASF licenses this file
+  ~ to you under the Apache License, Version 2.0 (the
+  ~ "License"); you may not use this file except in compliance
+  ~ with the License.  You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+  
+<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"
+    xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.apache.atlas</groupId>
+    <artifactId>apache-atlas</artifactId>
+    <version>0.7-incubating-SNAPSHOT</version>
+  </parent>
+  <artifactId>atlas-authorization</artifactId>
+  <name>Apache Atlas Authorization</name>
+  <packaging>jar</packaging>
+  
+  <dependencies>
+      <dependency>
+          <groupId>org.apache.atlas</groupId>
+          <artifactId>atlas-common</artifactId>
+      </dependency>
+
+      <dependency>
+          <groupId>org.apache.atlas</groupId>
+          <artifactId>atlas-client</artifactId>
+      </dependency>
+
+      <dependency>
+          <groupId>javax.servlet</groupId>
+          <artifactId>javax.servlet-api</artifactId>
+          <version>${javax.servlet.version}</version>
+      </dependency>
+
+      <dependency>
+          <groupId>org.testng</groupId>
+          <artifactId>testng</artifactId>
+      </dependency>
+
+  </dependencies>
+</project>

webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java → authorization/src/main/java/org/apache/atlas/authorize/AtlasAccessRequest.java

@@ -18,8 +18,11 @@
 package org.apache.atlas.authorize;
 
 import java.util.Date;
-import java.util.List;
+import java.util.Set;
 
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.atlas.authorize.simple.AtlasAuthorizationUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -27,18 +30,23 @@ public class AtlasAccessRequest {
 
     private static Logger LOG = LoggerFactory.getLogger(AtlasAccessRequest.class);
     private static boolean isDebugEnabled = LOG.isDebugEnabled();
-    private List<AtlasResourceTypes> resourceType = null;
+    private Set<AtlasResourceTypes> resourceType = null;
     private String resource = null;
     private AtlasActionTypes action = null;
     private String user = null;
-    private List<String> userGroups = null;
+    private Set<String> userGroups = null;
     private Date accessTime = null;
     private String clientIPAddress = null;
 
-    public AtlasAccessRequest(List<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,
-        String user, List<String> userGroups) {
+    public AtlasAccessRequest(HttpServletRequest request, String user, Set<String> userGroups) {
+        this(AtlasAuthorizationUtils.getAtlasResourceType(request.getServletPath()), "*", AtlasAuthorizationUtils
+            .getAtlasAction(request.getMethod()), user, userGroups);
+    }
+
+    public AtlasAccessRequest(Set<AtlasResourceTypes> resourceType, String resource, AtlasActionTypes action,
+        String user, Set<String> userGroups) {
         if (isDebugEnabled) {
-            LOG.debug("<== AtlasAccessRequestImpl-- Initializing AtlasAccessRequest");
+            LOG.debug("==> AtlasAccessRequestImpl-- Initializing AtlasAccessRequest");
         }
         setResource(resource);
         setAction(action);
@@ -51,11 +59,11 @@ public class AtlasAccessRequest {
         setClientIPAddress(null);
     }
 
-    public List<AtlasResourceTypes> getResourceTypes() {
+    public Set<AtlasResourceTypes> getResourceTypes() {
         return resourceType;
     }
 
-    public void setResourceType(List<AtlasResourceTypes> resourceType) {
+    public void setResourceType(Set<AtlasResourceTypes> resourceType) {
         this.resourceType = resourceType;
     }
 
@@ -83,11 +91,11 @@ public class AtlasAccessRequest {
         this.user = user;
     }
 
-    public void setUserGroups(List<String> userGroups) {
+    public void setUserGroups(Set<String> userGroups) {
         this.userGroups = userGroups;
     }
 
-    public List<String> getUserGroups() {
+    public Set<String> getUserGroups() {
         return userGroups;
     }
 

webapp/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java → authorization/src/main/java/org/apache/atlas/authorize/AtlasActionTypes.java

@@ -18,5 +18,5 @@
 package org.apache.atlas.authorize;
 
 public enum AtlasActionTypes {
-    READ, WRITE, UPDATE, DELETE;
+    READ, CREATE, UPDATE, DELETE;
 }

webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java → authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationException.java

@@ -21,10 +21,6 @@ package org.apache.atlas.authorize;
 public class AtlasAuthorizationException extends Exception {
     private static final long serialVersionUID = 1L;
 
-    public AtlasAuthorizationException() {
-
-    }
-
     public AtlasAuthorizationException(String message) {
         super(message);
     }
@@ -37,4 +33,8 @@ public class AtlasAuthorizationException extends Exception {
         boolean writableStackTrace) {
         super(message, exception, enableSuppression, writableStackTrace);
     }
+
+    public AtlasAuthorizationException(AtlasAccessRequest request) {
+        super("Unauthorized Request : " + request);
+    }
 }

webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java → authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizer.java

@@ -20,17 +20,16 @@ package org.apache.atlas.authorize;
 
 
 public interface AtlasAuthorizer {
+
+
     /**
      * This method will load the policy file and would initialize the required data-structures.
      */
     public void init();
 
     /**
-     * This method is responsible to perform the actual authorization for every REST API call. It will check the if the
-     * user:u can perform action:a on resource:r.
-     * 
-     * @param request
-     * @return
+     * This method is responsible to perform the actual authorization for every REST API call. It will check if
+     * user can perform action on resource.
      */
     public boolean isAccessAllowed(AtlasAccessRequest request) throws AtlasAuthorizationException;
 

authorization/src/main/java/org/apache/atlas/authorize/AtlasAuthorizerFactory.java

+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.atlas.authorize;
+
+import org.apache.atlas.ApplicationProperties;
+import org.apache.atlas.AtlasException;
+import org.apache.commons.configuration.Configuration;
+import org.apache.commons.lang.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class AtlasAuthorizerFactory {
+
+    private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizerFactory.class);
+    private static final String SIMPLE_AUTHORIZER = "org.apache.atlas.authorize.simple.SimpleAtlasAuthorizer";
+    private static final String RANGER_AUTHORIZER =
+        "org.apache.ranger.authorization.atlas.authorizer.RangerAtlasAuthorizer";
+    private static volatile AtlasAuthorizer INSTANCE = null;
+    private static boolean isDebugEnabled = LOG.isDebugEnabled();
+
+    public static AtlasAuthorizer getAtlasAuthorizer() throws AtlasAuthorizationException {
+        Configuration configuration = null;
+        try {
+            configuration = ApplicationProperties.get();
+        } catch (AtlasException e) {
+            if (LOG.isErrorEnabled()) {
+                LOG.error("Exception while fetching configuration. ", e);
+            }
+        }
+        AtlasAuthorizer ret = INSTANCE;
+
+        if (ret == null) {
+            synchronized (AtlasAuthorizerFactory.class) {
+                if (INSTANCE == null) {
+                    String authorizerClass =
+                        configuration != null ? configuration.getString("atlas.authorizer.impl") : "SIMPLE";
+
+                    if (StringUtils.isNotEmpty(authorizerClass)) {
+                        if (StringUtils.equalsIgnoreCase(authorizerClass, "SIMPLE")) {
+                            authorizerClass = SIMPLE_AUTHORIZER;
+                        } else if (StringUtils.equalsIgnoreCase(authorizerClass, "RANGER")) {
+                            authorizerClass = RANGER_AUTHORIZER;
+                        }
+                    } else {
+                        authorizerClass = SIMPLE_AUTHORIZER;
+                    }
+
+                    if (isDebugEnabled) {
+                        LOG.debug("Initializing Authorizer :: " + authorizerClass);
+                    }
+                    try {
+                        Class authorizerMetaObject = Class.forName(authorizerClass);
+                        if (authorizerMetaObject != null) {
+                            INSTANCE = (AtlasAuthorizer) authorizerMetaObject.newInstance();
+                        }
+                    } catch (Exception e) {
+                        LOG.error("Error while creating authorizer of type '" + authorizerClass + "'", e);
+                        throw new AtlasAuthorizationException("Error while creating authorizer of type '"
+                            + authorizerClass + "'", e);
+                    }
+                    ret = INSTANCE;
+                }
+            }
+        }
+        return ret;
+    }
+
+}

webapp/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java → authorization/src/main/java/org/apache/atlas/authorize/AtlasResourceTypes.java

@@ -19,5 +19,5 @@
 package org.apache.atlas.authorize;
 
 public enum AtlasResourceTypes {
-    ENTITY, TYPE, OPERATION, TAXONOMY, TERM;
+    UNKNOWN, ENTITY, TYPE, OPERATION, TAXONOMY, TERM;
 }

webapp/src/main/java/org/apache/atlas/authorize/AtlasAuthorizationUtils.java → authorization/src/main/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtils.java

@@ -16,50 +16,41 @@
  * limitations under the License.
  */
 
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
+import java.util.HashSet;
+import java.util.Set;
 
 import org.apache.atlas.AtlasClient;
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasResourceTypes;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.google.common.base.Strings;
-
 public class AtlasAuthorizationUtils {
     private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationUtils.class);
     private static boolean isDebugEnabled = LOG.isDebugEnabled();
     private static final String BASE_URL = "/" + AtlasClient.BASE_URI;
 
-    public static String parse(String fullPath, String subPath) {
-        String api = null;
-        if (!Strings.isNullOrEmpty(fullPath)) {
-            api = fullPath.substring(subPath.length(), fullPath.length());
-
-        }
+    public static String getApi(String contextPath) {
         if (isDebugEnabled) {
-            LOG.debug("Extracted " + api + " from path : " + fullPath);
+            LOG.debug("==> getApi from " + contextPath);
         }
-        return api;
-    }
-
-    public static String getApi(String u) {
-        if (isDebugEnabled) {
-            LOG.debug("getApi <=== from " + u);
-        }
-        if (u.startsWith(BASE_URL)) {
-            u = parse(u, BASE_URL);
+        if (contextPath.startsWith(BASE_URL)) {
+            contextPath = contextPath.substring(BASE_URL.length());
         } else {
             // strip of leading '/'
-            u = u.substring(1);
+            if (contextPath.startsWith("/")) {
+                contextPath = contextPath.substring(1);
+            }
         }
-        String[] split = u.split("/");
+        String[] split = contextPath.split("/", 3);
         String api = split[0];
-        return (! api.equals("v1")) ? api : String.format("v1/%s", split[1]);
+        if (split.length > 1) {
+            return (!api.equals("v1")) ? api : String.format("v1/%s", split[1]);
+        } else {
+            return api;
+        }
     }
 
     public static AtlasActionTypes getAtlasAction(String method) {
@@ -67,7 +58,7 @@ public class AtlasAuthorizationUtils {
 
         switch (method.toUpperCase()) {
             case "POST":
-                action = AtlasActionTypes.WRITE;
+                action = AtlasActionTypes.CREATE;
                 break;
             case "GET":
                 action = AtlasActionTypes.READ;
@@ -80,70 +71,61 @@ public class AtlasAuthorizationUtils {
                 break;
             default:
                 if (isDebugEnabled) {
-                    LOG.debug("Invalid HTTP method in request : " + method + " this is serious!!!");
+                    LOG.debug("getAtlasAction(): Invalid HTTP method '" + method + "'");
                 }
                 break;
         }
 
         if (isDebugEnabled) {
-            LOG.debug("==> AtlasAuthorizationFilter getAtlasAction HTTP Method " + method + " mapped to AtlasAction : "
+            LOG.debug("<== AtlasAuthorizationFilter getAtlasAction HTTP Method " + method + " mapped to AtlasAction : "
                 + action);
         }
         return action;
     }
 
-    public static List<AtlasResourceTypes> getAtlasResourceType(String contextPath) throws ServletException {
-        List<AtlasResourceTypes> resourceTypes = new ArrayList<AtlasResourceTypes>();
+    /**
+     * @param contextPath
+     * @return set of AtlasResourceTypes types api mapped with AtlasResourceTypes.TYPE eg :- /api/atlas/types/*
+     *
+     *         gremlin discovery,admin,graph apis are mapped with AtlasResourceTypes.OPERATION eg :-/api/atlas/admin/*
+     *         /api/atlas/discovery/search/gremlin /api/atlas/graph/*
+     *
+     *         entities,lineage and discovery apis are mapped with AtlasResourceTypes.ENTITY eg :- /api/atlas/lineage/hive/table/*
+     *         /api/atlas/entities/{guid}* /api/atlas/discovery/*
+     * 
+     *         unprotected types are mapped with AtlasResourceTypes.UNKNOWN, access to these are allowed.
+     */
+    public static Set<AtlasResourceTypes> getAtlasResourceType(String contextPath) {
+        Set<AtlasResourceTypes> resourceTypes = new HashSet<AtlasResourceTypes>();
         if (isDebugEnabled) {
-            LOG.debug("getAtlasResourceType <=== for " + contextPath);
+            LOG.debug("==> getAtlasResourceType  for " + contextPath);
         }
         String api = getApi(contextPath);
-
         if (api.startsWith("types")) {
             resourceTypes.add(AtlasResourceTypes.TYPE);
-        } else if ((api.startsWith("discovery") && contextPath.contains("gremlin")) || api.startsWith("admin")
+        } else if ((api.startsWith("discovery") && contextPath.contains("/gremlin")) || api.startsWith("admin")
             || api.startsWith("graph")) {
             resourceTypes.add(AtlasResourceTypes.OPERATION);
-        } else if ((api.startsWith("entities") && contextPath.contains("traits")) || api.startsWith("discovery")) {
-            resourceTypes.add(AtlasResourceTypes.ENTITY);
-            resourceTypes.add(AtlasResourceTypes.TYPE);
-        } else if (api.startsWith("entities") || api.startsWith("lineage")) {
+        } else if (api.startsWith("entities") || api.startsWith("lineage") || api.startsWith("discovery")) {
             resourceTypes.add(AtlasResourceTypes.ENTITY);
         } else if (api.startsWith("v1/taxonomies")) {
             resourceTypes.add(AtlasResourceTypes.TAXONOMY);
             // taxonomies are modeled as entities
             resourceTypes.add(AtlasResourceTypes.ENTITY);
-            if (contextPath.contains("terms")) {
+            if (contextPath.contains("/terms")) {
                 resourceTypes.add(AtlasResourceTypes.TERM);
-                // terms are modeled as traits
-                resourceTypes.add(AtlasResourceTypes.TYPE);
             }
         } else if (api.startsWith("v1/entities")) {
             resourceTypes.add(AtlasResourceTypes.ENTITY);
-            if (contextPath.contains("tags")) {
-                // tags are modeled as traits
-                resourceTypes.add(AtlasResourceTypes.TYPE);
-            }
         } else {
-            LOG.error("Unable to find Atlas Resource corresponding to : " + api);
-            throw new ServletException("Unable to find Atlas Resource corresponding to : " + api);
+            LOG.error("Unable to find Atlas Resource corresponding to : " + api + "\nSetting "
+                + AtlasResourceTypes.UNKNOWN.name());
+            resourceTypes.add(AtlasResourceTypes.UNKNOWN);
         }
 
         if (isDebugEnabled) {
-            LOG.debug("Returning AtlasResources " + resourceTypes + " for api " + api);
+            LOG.debug("<== Returning AtlasResources " + resourceTypes + " for api " + api);
         }
         return resourceTypes;
     }
-
-    /*
-     * This implementation will be changed for Resource level Authorization.
-     */
-    public static String getAtlasResource(HttpServletRequest requeset, AtlasActionTypes action) {
-        if (isDebugEnabled) {
-            LOG.debug("getAtlasResource <=== "
-                + "This implementation will be changed for Resource level Authorization.");
-        }
-        return "*";
-    }
-
 }

webapp/src/main/java/org/apache/atlas/util/FileReaderUtil.java → authorization/src/main/java/org/apache/atlas/authorize/simple/FileReaderUtil.java

@@ -16,11 +16,12 @@
  * limitations under the License.
  */
 
-package org.apache.atlas.util;
+package org.apache.atlas.authorize.simple;
 
-import java.io.BufferedReader;
-import java.io.FileReader;
 import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Pattern;
@@ -33,24 +34,23 @@ public class FileReaderUtil {
 
     public static List<String> readFile(String path) throws IOException {
         if (isDebugEnabled) {
-            LOG.debug("<== FileReaderUtil readFile");
+            LOG.debug("==> FileReaderUtil readFile");
         }
-        LOG.info("reading the file" + path);
-        BufferedReader br = new BufferedReader(new FileReader(path));
         List<String> list = new ArrayList<String>();
-        String line = null;
-        while ((line = br.readLine()) != null) {
-            if ((!line.startsWith("##")) && Pattern.matches(".+;;.*;;.*;;.+", line))
-                list.add(line);
+        LOG.info("reading the file" + path);
+        List<String> fileLines = Files.readAllLines(Paths.get(path), Charset.forName("UTF-8"));
+        if (fileLines != null) {
+            for (String line : fileLines) {
+                if ((!line.startsWith("##")) && Pattern.matches(".+;;.*;;.*;;.+", line))
+                    list.add(line);
+            }
         }
 
         if (isDebugEnabled) {
-            LOG.debug("==> FileReaderUtil readFile");
+            LOG.debug("<== FileReaderUtil readFile");
             LOG.debug("Policies read :: " + list);
         }
-        if (br != null) {
-            br.close();
-        }
+
         return list;
     }
 }
\ No newline at end of file

webapp/src/main/java/org/apache/atlas/authorize/PolicyDef.java → authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyDef.java

@@ -14,11 +14,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
 import java.util.List;
 import java.util.Map;
 
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasResourceTypes;
+
 public class PolicyDef {
 
     private String policyName;

webapp/src/main/java/org/apache/atlas/authorize/PolicyParser.java → authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyParser.java

@@ -15,7 +15,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -23,9 +23,13 @@ import java.util.List;
 import java.util.Map;
 import java.util.regex.Pattern;
 
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasResourceTypes;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import scala.tools.jline.internal.Log;
+
 public class PolicyParser {
 
     private static Logger LOG = LoggerFactory.getLogger(PolicyParser.class);
@@ -46,7 +50,7 @@ public class PolicyParser {
 
     private List<AtlasActionTypes> getListOfAutorities(String auth) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser getListOfAutorities");
+            LOG.debug("==> PolicyParser getListOfAutorities");
         }
         List<AtlasActionTypes> authorities = new ArrayList<AtlasActionTypes>();
 
@@ -57,7 +61,7 @@ public class PolicyParser {
                     authorities.add(AtlasActionTypes.READ);
                     break;
                 case 'w':
-                    authorities.add(AtlasActionTypes.WRITE);
+                    authorities.add(AtlasActionTypes.CREATE);
                     break;
                 case 'u':
                     authorities.add(AtlasActionTypes.UPDATE);
@@ -68,28 +72,30 @@ public class PolicyParser {
 
                 default:
                     if (LOG.isErrorEnabled()) {
-                        LOG.error("Invalid Action");
+                        LOG.error("Invalid action: '" + access + "'");
                     }
                     break;
             }
         }
         if (isDebugEnabled) {
-            LOG.debug("==> PolicyParser getListOfAutorities");
+            LOG.debug("<== PolicyParser getListOfAutorities");
         }
         return authorities;
     }
 
     public List<PolicyDef> parsePolicies(List<String> policies) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser parsePolicies");
+            LOG.debug("==> PolicyParser parsePolicies");
         }
         List<PolicyDef> policyDefs = new ArrayList<PolicyDef>();
         for (String policy : policies) {
             PolicyDef policyDef = parsePolicy(policy);
-            policyDefs.add(policyDef);
+            if (policyDef != null) {
+                policyDefs.add(policyDef);
+            }
         }
         if (isDebugEnabled) {
-            LOG.debug("==> PolicyParser parsePolicies");
+            LOG.debug("<== PolicyParser parsePolicies");
             LOG.debug(policyDefs.toString());
         }
         return policyDefs;
@@ -97,36 +103,42 @@ public class PolicyParser {
 
     private PolicyDef parsePolicy(String data) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser parsePolicy");
+            LOG.debug("==> PolicyParser parsePolicy");
         }
-        PolicyDef def = new PolicyDef();
+        PolicyDef def = null;
         String[] props = data.split(";;");
-        def.setPolicyName(props[POLICYNAME]);
-        parseUsers(props[USER_INDEX], def);
-        parseGroups(props[GROUP_INDEX], def);
-        parseResources(props[RESOURCE_INDEX], def);
-        if (isDebugEnabled) {
-            LOG.debug("policy successfully parsed!!!");
-            LOG.debug("==> PolicyParser parsePolicy");
+
+        if (props.length < RESOURCE_INDEX) {
+            LOG.warn("skipping invalid policy line: " + data);
+        } else {
+            def = new PolicyDef();
+            def.setPolicyName(props[POLICYNAME]);
+            parseUsers(props[USER_INDEX], def);
+            parseGroups(props[GROUP_INDEX], def);
+            parseResources(props[RESOURCE_INDEX], def);
+            if (isDebugEnabled) {
+                LOG.debug("policy successfully parsed!!!");
+                LOG.debug("<== PolicyParser parsePolicy");
+            }
         }
         return def;
     }
 
     private boolean validateEntity(String entity) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser validateEntity");
+            LOG.debug("==> PolicyParser validateEntity");
         }
         boolean isValidEntity = Pattern.matches("(.+:.+)+", entity);
         boolean isEmpty = entity.isEmpty();
         if (isValidEntity == false || isEmpty == true) {
             if (isDebugEnabled) {
                 LOG.debug("group/user/resource not properly define in Policy");
-                LOG.debug("==> PolicyParser validateEntity");
+                LOG.debug("<== PolicyParser validateEntity");
             }
             return false;
         } else {
             if (isDebugEnabled) {
-                LOG.debug("==> PolicyParser validateEntity");
+                LOG.debug("<== PolicyParser validateEntity");
             }
             return true;
         }
@@ -135,7 +147,7 @@ public class PolicyParser {
 
     private void parseUsers(String usersDef, PolicyDef def) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser parseUsers");
+            LOG.debug("==> PolicyParser parseUsers");
         }
         String[] users = usersDef.split(",");
         String[] userAndRole = null;
@@ -163,13 +175,13 @@ public class PolicyParser {
             def.setUsers(usersMap);
         }
         if (isDebugEnabled) {
-            LOG.debug("==> PolicyParser parseUsers");
+            LOG.debug("<== PolicyParser parseUsers");
         }
     }
 
     private void parseGroups(String groupsDef, PolicyDef def) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser parseGroups");
+            LOG.debug("==> PolicyParser parseGroups");
         }
         String[] groups = groupsDef.split("\\,");
         String[] groupAndRole = null;
@@ -196,14 +208,14 @@ public class PolicyParser {
             def.setGroups(groupsMap);
         }
         if (isDebugEnabled) {
-            LOG.debug("==> PolicyParser parseGroups");
+            LOG.debug("<== PolicyParser parseGroups");
         }
 
     }
 
     private void parseResources(String resourceDef, PolicyDef def) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyParser parseResources");
+            LOG.debug("==> PolicyParser parseResources");
         }
         String[] resources = resourceDef.split(",");
         String[] resourceTypeAndName = null;
@@ -217,8 +229,23 @@ public class PolicyParser {
                 if (def.getResources() != null) {
                     resourcesMap = def.getResources();
                 }
-                AtlasResourceTypes resourceType =
-                    AtlasResourceTypes.valueOf(resourceTypeAndName[RESOURCE_TYPE].toUpperCase());
+                AtlasResourceTypes resourceType = null;
+                String type = resourceTypeAndName[RESOURCE_TYPE].toUpperCase();
+                if (type.equalsIgnoreCase("ENTITY")) {
+                    resourceType = AtlasResourceTypes.ENTITY;
+                } else if (type.equalsIgnoreCase("OPERATION")) {
+                    resourceType = AtlasResourceTypes.OPERATION;
+                } else if (type.equalsIgnoreCase("TYPE")) {
+                    resourceType = AtlasResourceTypes.TYPE;
+                } else if (type.equalsIgnoreCase("TAXONOMY")) {
+                    resourceType = AtlasResourceTypes.TAXONOMY;
+                } else if (type.equalsIgnoreCase("TERM")) {
+                    resourceType = AtlasResourceTypes.TERM;
+                } else {
+                    Log.warn(type + " is invalid resource please check PolicyStore file");
+                    continue;
+                }
+
                 List<String> resourceList = resourcesMap.get(resourceType);
                 if (resourceList == null) {
                     resourceList = new ArrayList<String>();
@@ -231,7 +258,7 @@ public class PolicyParser {
             def.setResources(resourcesMap);
         }
         if (isDebugEnabled) {
-            LOG.debug("==> PolicyParser parseResources");
+            LOG.debug("<== PolicyParser parseResources");
         }
     }
 

webapp/src/main/java/org/apache/atlas/authorize/PolicyUtil.java → authorization/src/main/java/org/apache/atlas/authorize/simple/PolicyUtil.java

@@ -14,7 +14,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -22,6 +22,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasResourceTypes;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -29,77 +31,13 @@ public class PolicyUtil {
 
     private static Logger LOG = LoggerFactory.getLogger(PolicyUtil.class);
     private static boolean isDebugEnabled = LOG.isDebugEnabled();
-    private Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap;
-    private Map<String, Map<AtlasResourceTypes, List<String>>> userWriteMap;
-    private Map<String, Map<AtlasResourceTypes, List<String>>> userUpdateMap;
-    private Map<String, Map<AtlasResourceTypes, List<String>>> userDeleteMap;
 
-    private Map<String, Map<AtlasResourceTypes, List<String>>> groupReadMap;
-    private Map<String, Map<AtlasResourceTypes, List<String>>> groupWriteMap;
-    private Map<String, Map<AtlasResourceTypes, List<String>>> groupUpdateMap;
-    private Map<String, Map<AtlasResourceTypes, List<String>>> groupDeleteMap;
-
-    /**
-     * @return the userReadMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserReadMap() {
-        return userReadMap;
-    }
-
-    /**
-     * @return the userWriteMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserWriteMap() {
-        return userWriteMap;
-    }
-
-    /**
-     * @return the userUpdateMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserUpdateMap() {
-        return userUpdateMap;
-    }
-
-    /**
-     * @return the userDeleteMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getUserDeleteMap() {
-        return userDeleteMap;
-    }
-
-    /**
-     * @return the groupReadMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupReadMap() {
-        return groupReadMap;
-    }
-
-    /**
-     * @return the groupWriteMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupWriteMap() {
-        return groupWriteMap;
-    }
-
-    /**
-     * @return the groupUpdateMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupUpdateMap() {
-        return groupUpdateMap;
-    }
-
-    /**
-     * @return the groupDeleteMap
-     */
-    public Map<String, Map<AtlasResourceTypes, List<String>>> getGroupDeleteMap() {
-        return groupDeleteMap;
-    }
 
     public Map<String, Map<AtlasResourceTypes, List<String>>> createPermissionMap(List<PolicyDef> policyDefList,
-        AtlasActionTypes permissionType, AtlasAccessorTypes principalType) {
+        AtlasActionTypes permissionType, SimpleAtlasAuthorizer.AtlasAccessorTypes principalType) {
         if (isDebugEnabled) {
-            LOG.debug("<== PolicyUtil createPermissionMap");
-            LOG.debug("Creating Permission Map for :: " + permissionType + " & " + principalType);
+            LOG.debug("==> PolicyUtil createPermissionMap" + "\nCreating Permission Map for :: " + permissionType
+                + " & " + principalType);
         }
         Map<String, Map<AtlasResourceTypes, List<String>>> userReadMap =
             new HashMap<String, Map<AtlasResourceTypes, List<String>>>();
@@ -108,7 +46,8 @@ public class PolicyUtil {
         for (PolicyDef policyDef : policyDefList) {
             LOG.info("Processing policy def : " + policyDef);
             Map<String, List<AtlasActionTypes>> principalMap =
-                principalType.equals(AtlasAccessorTypes.USER) ? policyDef.getUsers() : policyDef.getGroups();
+                principalType.equals(SimpleAtlasAuthorizer.AtlasAccessorTypes.USER) ? policyDef.getUsers() : policyDef
+                    .getGroups();
             // For every policy extract the resource list and populate the user map
             for (Entry<String, List<AtlasActionTypes>> e : principalMap.entrySet()) {
                 // Check if the user has passed permission type like READ
@@ -150,12 +89,12 @@ public class PolicyUtil {
                     userResourceList.put(type, resourceList);
                 }
                 userReadMap.put(username, userResourceList);
-                LOG.info("userReadMap=====>>>>>> " + userReadMap);
+                LOG.info("userReadMap " + userReadMap);
             }
         }
         if (isDebugEnabled) {
             LOG.debug("Returning Map for " + principalType + " :: " + userReadMap);
-            LOG.debug("==> PolicyUtil createPermissionMap");
+            LOG.debug("<== PolicyUtil createPermissionMap");
         }
         return userReadMap;
 

webapp/src/test/java/org/apache/atlas/authorize/AtlasAuthorizationUtilsTest.java → authorization/src/test/java/org/apache/atlas/authorize/simple/AtlasAuthorizationUtilsTest.java

@@ -16,11 +16,12 @@
  * limitations under the License.
  */
 
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
+import org.apache.atlas.authorize.AtlasResourceTypes;
 import org.testng.annotations.Test;
 
-import java.util.List;
+import java.util.Set;
 
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertTrue;
@@ -52,7 +53,7 @@ public class AtlasAuthorizationUtilsTest {
     @Test
     public void testGetAtlasResourceType() throws Exception {
         String contextPath = "/api/atlas/types";
-        List<AtlasResourceTypes> resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
+        Set<AtlasResourceTypes> resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
         assertEquals(resourceTypes.size(), 1);
         assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
 
@@ -73,15 +74,13 @@ public class AtlasAuthorizationUtilsTest {
 
         contextPath = "/api/atlas/entities/111/traits";
         resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
+        assertEquals(resourceTypes.size(), 1);
         assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
 
         contextPath = "/api/atlas/discovery/search";
         resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
+        assertEquals(resourceTypes.size(), 1);
         assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
 
         contextPath = "/api/atlas/entities?type=Column";
         resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
@@ -101,11 +100,10 @@ public class AtlasAuthorizationUtilsTest {
 
         contextPath = "/api/atlas/v1/taxonomies/taxonomy1/terms";
         resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 4);
+        assertEquals(resourceTypes.size(), 3);
         assertTrue(resourceTypes.contains(AtlasResourceTypes.TAXONOMY));
         assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
         assertTrue(resourceTypes.contains(AtlasResourceTypes.TERM));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
 
         contextPath = "/api/atlas/v1/entities/111";
         resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
@@ -114,8 +112,7 @@ public class AtlasAuthorizationUtilsTest {
 
         contextPath = "/api/atlas/v1/entities/111/tags/foo";
         resourceTypes = AtlasAuthorizationUtils.getAtlasResourceType(contextPath);
-        assertEquals(resourceTypes.size(), 2);
+        assertEquals(resourceTypes.size(), 1);
         assertTrue(resourceTypes.contains(AtlasResourceTypes.ENTITY));
-        assertTrue(resourceTypes.contains(AtlasResourceTypes.TYPE));
     }
 }

webapp/src/test/java/org/apache/atlas/authorize/PolicyParserTest.java → authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyParserTest.java

@@ -14,14 +14,19 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
-import static org.junit.Assert.assertEquals;
+import static org.testng.AssertJUnit.assertEquals;
 
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasResourceTypes;
+import org.apache.atlas.authorize.simple.PolicyDef;
+import org.apache.atlas.authorize.simple.PolicyParser;
 import org.testng.annotations.Test;
 
 public class PolicyParserTest {
@@ -34,7 +39,7 @@ public class PolicyParserTest {
         Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>();
         List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>();
         accessList1.add(AtlasActionTypes.READ);
-        accessList1.add(AtlasActionTypes.WRITE);
+        accessList1.add(AtlasActionTypes.CREATE);
         accessList1.add(AtlasActionTypes.UPDATE);
 
         groupMap.put("grp1", accessList1);
@@ -50,7 +55,7 @@ public class PolicyParserTest {
 
         List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>();
         usr2AccessList.add(AtlasActionTypes.READ);
-        usr2AccessList.add(AtlasActionTypes.WRITE);
+        usr2AccessList.add(AtlasActionTypes.CREATE);
         usersMap.put("usr2", usr2AccessList);
 
         /* Creating resources data */
@@ -87,7 +92,7 @@ public class PolicyParserTest {
         Map<String, List<AtlasActionTypes>> groupMap = new HashMap<String, List<AtlasActionTypes>>();
         List<AtlasActionTypes> accessList1 = new ArrayList<AtlasActionTypes>();
         accessList1.add(AtlasActionTypes.READ);
-        accessList1.add(AtlasActionTypes.WRITE);
+        accessList1.add(AtlasActionTypes.CREATE);
         accessList1.add(AtlasActionTypes.UPDATE);
 
         groupMap.put("grp1", accessList1);
@@ -139,7 +144,7 @@ public class PolicyParserTest {
 
         List<AtlasActionTypes> usr2AccessList = new ArrayList<AtlasActionTypes>();
         usr2AccessList.add(AtlasActionTypes.READ);
-        usr2AccessList.add(AtlasActionTypes.WRITE);
+        usr2AccessList.add(AtlasActionTypes.CREATE);
         usersMap.put("usr2", usr2AccessList);
 
         // Creating resources data

webapp/src/test/java/org/apache/atlas/authorize/PolicyUtilTest.java → authorization/src/test/java/org/apache/atlas/authorize/simple/PolicyUtilTest.java

@@ -14,15 +14,20 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
-import static org.junit.Assert.assertEquals;
+import static org.testng.AssertJUnit.assertEquals;
 
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
+import org.apache.atlas.authorize.simple.SimpleAtlasAuthorizer;
+import org.apache.atlas.authorize.AtlasActionTypes;
+import org.apache.atlas.authorize.AtlasResourceTypes;
+import org.apache.atlas.authorize.simple.PolicyDef;
+import org.apache.atlas.authorize.simple.PolicyParser;
+import org.apache.atlas.authorize.simple.PolicyUtil;
 import org.testng.annotations.Test;
 
 public class PolicyUtilTest {
@@ -52,7 +57,7 @@ public class PolicyUtilTest {
         List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies);
 
         Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap =
-            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
 
         assertEquals(permissionMap, createdPermissionMap);
 
@@ -87,7 +92,7 @@ public class PolicyUtilTest {
         List<PolicyDef> policyDefList = new PolicyParser().parsePolicies(policies);
 
         Map<String, Map<AtlasResourceTypes, List<String>>> createdPermissionMap =
-            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+            new PolicyUtil().createPermissionMap(policyDefList, AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
 
         assertEquals(permissionMap, createdPermissionMap);
 

webapp/src/test/java/org/apache/atlas/authorize/SimpleAtlasAuthorizerTest.java → authorization/src/test/java/org/apache/atlas/authorize/simple/SimpleAtlasAuthorizerTest.java

@@ -14,22 +14,25 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.apache.atlas.authorize;
+package org.apache.atlas.authorize.simple;
 
 import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.Map;
 
+import org.apache.atlas.authorize.*;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.testng.AssertJUnit;
 import org.testng.annotations.Test;
 
-
 public class SimpleAtlasAuthorizerTest {
 
-    private static Logger LOG = LoggerFactory.getLogger(SimpleAtlasAuthorizerTest.class);
-    
+    private static Logger LOG = LoggerFactory
+            .getLogger(SimpleAtlasAuthorizerTest.class);
+
     @Test
     public void testAccessAllowedForUserAndGroup() {
 
@@ -41,24 +44,29 @@ public class SimpleAtlasAuthorizerTest {
         List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
         PolicyUtil policyUtil = new PolicyUtil();
         // group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        groupReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
         // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+        userReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
 
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
         resourceType.add(AtlasResourceTypes.TYPE);
         String resource = "xsdfhjabc";
         AtlasActionTypes action = AtlasActionTypes.READ;
         String user = "usr1";
 
-        List<String> userGroups = new ArrayList<String>();
+        Set<String> userGroups = new HashSet<String>();
         userGroups.add("grp3");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
+        try {
+            AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+                    resource, action, user, userGroups);
+            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+                    .getAtlasAuthorizer();
 
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
+            authorizer
+                    .setResourcesForTesting(userReadMap, groupReadMap, action);
 
-        try {
             boolean isAccessAllowed = authorizer.isAccessAllowed(request);
             // getUserReadMap
             AssertJUnit.assertEquals(true, isAccessAllowed);
@@ -81,29 +89,34 @@ public class SimpleAtlasAuthorizerTest {
         List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
         PolicyUtil policyUtil = new PolicyUtil();
         // creating group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        groupReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
         // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+        userReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
 
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
         resourceType.add(AtlasResourceTypes.TYPE);
         String resource = "PII";
         AtlasActionTypes action = AtlasActionTypes.READ;
         String user = "usr3";
-        List<String> userGroups = new ArrayList<String>();
+        Set<String> userGroups = new HashSet<String>();
         userGroups.add("grp1");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+                resource, action, user, userGroups);
         try {
+            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+                    .getAtlasAuthorizer();
+            authorizer
+                    .setResourcesForTesting(userReadMap, groupReadMap, action);
+
             boolean isAccessAllowed = authorizer.isAccessAllowed(request);
             AssertJUnit.assertEquals(true, isAccessAllowed);
         } catch (AtlasAuthorizationException e) {
             if (LOG.isErrorEnabled()) {
                 LOG.error("AtlasAuthorizationException in Unit Test", e);
             }
-           
+
         }
 
     }
@@ -119,22 +132,27 @@ public class SimpleAtlasAuthorizerTest {
         List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
         PolicyUtil policyUtil = new PolicyUtil();
         // group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        groupReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
         // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+        userReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
 
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
         resourceType.add(AtlasResourceTypes.TYPE);
         String resource = "abc";
         AtlasActionTypes action = AtlasActionTypes.READ;
         String user = "usr1";
-        List<String> userGroups = new ArrayList<String>();
+        Set<String> userGroups = new HashSet<String>();
         userGroups.add("grp1");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+                resource, action, user, userGroups);
         try {
+            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+                    .getAtlasAuthorizer();
+            authorizer
+                    .setResourcesForTesting(userReadMap, groupReadMap, action);
+
             boolean isAccessAllowed = authorizer.isAccessAllowed(request);
             AssertJUnit.assertEquals(false, isAccessAllowed);
         } catch (AtlasAuthorizationException e) {
@@ -156,22 +174,27 @@ public class SimpleAtlasAuthorizerTest {
         List<PolicyDef> policyDefs = new PolicyParser().parsePolicies(policies);
         PolicyUtil policyUtil = new PolicyUtil();
         // group read map
-        groupReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.GROUP);
+        groupReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.GROUP);
         // creating user readMap
-        userReadMap = policyUtil.createPermissionMap(policyDefs, AtlasActionTypes.READ, AtlasAccessorTypes.USER);
+        userReadMap = policyUtil.createPermissionMap(policyDefs,
+                AtlasActionTypes.READ, SimpleAtlasAuthorizer.AtlasAccessorTypes.USER);
 
-        List<AtlasResourceTypes> resourceType = new ArrayList<AtlasResourceTypes>();
+        Set<AtlasResourceTypes> resourceType = new HashSet<AtlasResourceTypes>();
         resourceType.add(AtlasResourceTypes.TYPE);
         String resource = "PII";
         AtlasActionTypes action = AtlasActionTypes.READ;
         String user = "usr3";
-        List<String> userGroups = new ArrayList<String>();
+        Set<String> userGroups = new HashSet<String>();
         userGroups.add("grp3");
-        AtlasAccessRequest request = new AtlasAccessRequest(resourceType, resource, action, user, userGroups);
-        SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) SimpleAtlasAuthorizer.getInstance();
-        authorizer.setResourcesForTesting(userReadMap, groupReadMap, action);
-
+        AtlasAccessRequest request = new AtlasAccessRequest(resourceType,
+                resource, action, user, userGroups);
         try {
+            SimpleAtlasAuthorizer authorizer = (SimpleAtlasAuthorizer) AtlasAuthorizerFactory
+                    .getAtlasAuthorizer();
+            authorizer
+                    .setResourcesForTesting(userReadMap, groupReadMap, action);
+
             boolean isAccessAllowed = authorizer.isAccessAllowed(request);
             AssertJUnit.assertEquals(false, isAccessAllowed);
         } catch (AtlasAuthorizationException e) {

common/pom.xml

@@ -56,5 +56,11 @@
             <artifactId>mockito-all</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-beans</artifactId>
+            <version>${spring.version}</version>
+        </dependency>
+
     </dependencies>
 </project>

webapp/src/main/java/org/apache/atlas/util/PropertiesUtil.java → common/src/main/java/org/apache/atlas/utils/PropertiesUtil.java

-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -6,33 +6,32 @@
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 
-
-package org.apache.atlas.util;
+package org.apache.atlas.utils;
 
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
-import java.util.Set;
 
 import org.apache.log4j.Logger;
-import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
 import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
 
-public class PropertiesUtil extends PropertyPlaceholderConfigurer {
+/**
+ * Util class for Properties.
+ */
+public final class PropertiesUtil extends PropertyPlaceholderConfigurer {
     private static Map<String, String> propertiesMap = new HashMap<String, String>();
     private static Logger logger = Logger.getLogger(PropertiesUtil.class);
     protected List<String> xmlPropertyConfigurer = new ArrayList<String>();
@@ -42,8 +41,7 @@ public class PropertiesUtil extends PropertyPlaceholderConfigurer {
     }
 
     @Override
-    protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props)
-        throws BeansException {
+    protected void processProperties(ConfigurableListableBeanFactory beanFactory, Properties props) {
 
         Properties sysProps = System.getProperties();
         if (sysProps != null) {
@@ -56,10 +54,14 @@ public class PropertiesUtil extends PropertyPlaceholderConfigurer {
             }
         }
 
-        Set<Object> keySet = props.keySet();
-        for (Object key : keySet) {
-            String keyStr = key.toString();
-            propertiesMap.put(keyStr, props.getProperty(keyStr).trim());
+        if (props != null) {
+            for (String key : props.stringPropertyNames()) {
+                String value = props.getProperty(key);
+                if (value != null) {
+                    value = value.trim();
+                }
+                propertiesMap.put(key, value);
+            }
         }
 
         super.processProperties(beanFactory, props);
@@ -132,4 +134,4 @@ public class PropertiesUtil extends PropertyPlaceholderConfigurer {
         }
         return Boolean.parseBoolean(value);
     }
-}
+}
\ No newline at end of file

webapp/src/main/java/org/apache/atlas/util/XMLPropertiesUtil.java → common/src/main/java/org/apache/atlas/utils/XMLPropertiesUtil.java

-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -7,17 +7,16 @@
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
- * http://www.apache.org/licenses/LICENSE-2.0
+ *     http://www.apache.org/licenses/LICENSE-2.0
  *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 
-package org.apache.atlas.util;
+package org.apache.atlas.utils;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -32,7 +31,9 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
 import org.w3c.dom.NodeList;
-
+/**
+ * Util class for XMLProperties.
+ */
 public class XMLPropertiesUtil extends DefaultPropertiesPersister {
     private static Logger logger = Logger.getLogger(XMLPropertiesUtil.class);
 
@@ -40,8 +41,7 @@ public class XMLPropertiesUtil extends DefaultPropertiesPersister {
     }
 
     @Override
-    public void loadFromXml(Properties properties, InputStream inputStream)
-            throws IOException {
+    public void loadFromXml(Properties properties, InputStream inputStream) throws IOException {
         try {
             DocumentBuilderFactory xmlDocumentBuilderFactory = DocumentBuilderFactory
                     .newInstance();
@@ -82,4 +82,4 @@ public class XMLPropertiesUtil extends DefaultPropertiesPersister {
         }
     }
 
-}
+}
\ No newline at end of file

distro/src/conf/atlas-application.properties

@@ -127,3 +127,6 @@ atlas.auth.policy.file=${sys:atlas.home}/conf/policy-store.txt
 # org.apache.atlas.typesystem.types.cache.ITypeCacheProvider.
 # The default is DefaultTypeCacheProvider which is a local in-memory type cache.
 #atlas.typesystem.cache.provider=
+
+#########authorizer impl class #########
+atlas.authorizer.impl=SIMPLE

distro/src/conf/policy-store.txt

@@ -3,7 +3,5 @@
 ##Policy_Name;;User_Name1:Operations_Allowed,User_Name2:Operations_Allowed;;Group_Name1:Operations_Allowed,Group_Name2:Operations_Allowed;;Resource_Type1:Resource_Name,Resource_Type2:Resource_Name
 ##
 adminPolicy;;admin:rwud;;ROLE_ADMIN:rwud;;type:*,entity:*,operation:*,taxonomy:*,term:*
-typeReadPolicy;;nixon:rw;;;;type:*,entity:*,taxonomy:*,term:*
-classReadPolicy;;saqeeb:r;;;;type:*,entity:*,taxonomy:*,term:*
 dataScientistPolicy;;;;DATA_SCIENTIST:r;;type:*,entity:*,taxonomy:*,term:*
 dataStewardPolicy;;;;DATA_STEWARD:rwu;;type:*,entity:*,taxonomy:*,term:*

distro/src/conf/users-credentials.properties

 #username=group::sha256-password
 admin=ADMIN::8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
-michael=DATA_SCIENTIST::95bfb24de17d285d734b9eaa9109bfe922adc85f20d2e5e66a78bddb4a4ebddb
-paul=DATA_STEWARD::e7c0dcf5f8a93e93791e9bac1ae454a691c1d2a902fc4256d489e96c1b9ac68c

pom.xml

@@ -463,16 +463,19 @@
         <module>graphdb</module>
         <module>titan</module>
         <module>repository</module>
+        <module>authorization</module>
         <module>catalog</module>
         <!-- <module>dashboard</module> -->
         <module>dashboardv2</module>
         <module>webapp</module>
+	
         <module>docs</module>
         <module>addons/hdfs-model</module>
         <module>addons/hive-bridge</module>
         <module>addons/falcon-bridge</module>
         <module>addons/sqoop-bridge</module>
         <module>addons/storm-bridge</module>
+	
         <module>distro</module>
     </modules>
 

release-log.txt

@@ -21,6 +21,7 @@ ATLAS-409 Atlas will not import avro tables with schema read from a file (dosset
 ATLAS-379 Create sqoop and falcon metadata addons (venkatnrangan,bvellanki,sowmyaramesh via shwethags)
 
 ALL CHANGES:
+ATLAS-495 Atlas Ranger Authorization Plugin (nixonrodrigues via shwethags)
 ATLAS-805 Quickstart is failing if run after queries to the business taxonomy API (jspeidel via shwethags)
 ATLAS-774 Better error handling from login.jsp (nixonrodrigues via shwethags)
 ATLAS-683 Refactor local type-system cache with cache provider interface (vmadugun via shwethags)

webapp/pom.xml

@@ -89,6 +89,12 @@
             <artifactId>atlas-client</artifactId>
         </dependency>
 
+	    <dependency>
+            <groupId>org.apache.atlas</groupId>
+            <artifactId>atlas-authorization</artifactId>
+	    <version>${project.version}</version>	
+        </dependency>
+
         <dependency>
             <groupId>org.apache.atlas</groupId>
             <artifactId>atlas-notification</artifactId>

webapp/src/main/java/org/apache/atlas/authorize/AtlasAccessorTypes.java

-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.atlas.authorize;
-
-public enum AtlasAccessorTypes {
-    USER, GROUP;
-}

webapp/src/main/java/org/apache/atlas/web/filters/AtlasAuthorizationFilter.java

@@ -19,9 +19,9 @@
 package org.apache.atlas.web.filters;
 
 import java.io.IOException;
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
+import java.util.HashSet;
+import java.util.Set;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
@@ -31,13 +31,11 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.atlas.AtlasClient;
-import org.apache.atlas.AtlasException;
 import org.apache.atlas.authorize.AtlasAccessRequest;
-import org.apache.atlas.authorize.AtlasActionTypes;
 import org.apache.atlas.authorize.AtlasAuthorizationException;
 import org.apache.atlas.authorize.AtlasAuthorizer;
+import org.apache.atlas.authorize.AtlasAuthorizerFactory;
 import org.apache.atlas.authorize.AtlasResourceTypes;
-import org.apache.atlas.authorize.SimpleAtlasAuthorizer;
 import org.json.simple.JSONObject;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -45,7 +43,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
-import static org.apache.atlas.authorize.AtlasAuthorizationUtils.*;
 
 import com.google.common.base.Strings;
 
@@ -53,23 +50,36 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
 
     private static final Logger LOG = LoggerFactory.getLogger(AtlasAuthorizationFilter.class);
     private static boolean isDebugEnabled = LOG.isDebugEnabled();
-    private AtlasAuthorizer authorizer = SimpleAtlasAuthorizer.getInstance();
+    private AtlasAuthorizer authorizer = null;
 
     private final String BASE_URL = "/" + AtlasClient.BASE_URI;
 
     public AtlasAuthorizationFilter() {
         if (isDebugEnabled) {
-            LOG.debug("<== AtlasAuthorizationFilter() -- " + "Now initializing the Apache Atlas Authorizer!!!");
+            LOG.debug("==> AtlasAuthorizationFilter() -- " + "Now initializing the Apache Atlas Authorizer!!!");
         }
-        authorizer.init();
+
+        try {
+            authorizer = AtlasAuthorizerFactory.getAtlasAuthorizer();
+            if (authorizer != null) {
+                authorizer.init();
+            } else {
+                LOG.warn("AtlasAuthorizer not initialized properly, please check the application logs and add proper configurations.");
+            }
+        } catch (AtlasAuthorizationException e) {
+            LOG.error("Unable to obtain AtlasAuthorizer. ", e);
+        }
+
     }
 
     @Override
     public void destroy() {
         if (isDebugEnabled) {
-            LOG.debug("<== AtlasAuthorizationFilter destroy");
+            LOG.debug("==> AtlasAuthorizationFilter destroy");
+        }
+        if (authorizer != null) {
+            authorizer.cleanUp();
         }
-        authorizer.cleanUp();
         super.destroy();
     }
 
@@ -83,15 +93,13 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
 
         HttpServletRequest request = (HttpServletRequest) req;
         String pathInfo = request.getServletPath();
-        if (pathInfo.startsWith(BASE_URL)) {
+        if (!Strings.isNullOrEmpty(pathInfo) && pathInfo.startsWith(BASE_URL)) {
             if (isDebugEnabled) {
                 LOG.debug(pathInfo + " is a valid REST API request!!!");
             }
 
-            AtlasActionTypes action = getAtlasAction(request.getMethod());
             String userName = null;
-            List<String> groups = new ArrayList<String>();
-            StringBuilder sb = new StringBuilder();
+            Set<String> groups = new HashSet<String>();
 
             Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 
@@ -101,37 +109,43 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
                 for (GrantedAuthority c : authorities) {
                     groups.add(c.getAuthority());
                 }
-                sb.append("============================\n");
-                sb.append("UserName ==>> " + userName + "\nGroups ==>> " + groups);
             } else {
                 if (LOG.isErrorEnabled()) {
                     LOG.error("Cannot obtain Security Context : " + auth);
                 }
                 throw new ServletException("Cannot obtain Security Context : " + auth);
             }
-
-            sb.append("\n" + "URL :: " + request.getRequestURL() + " Action :: " + action);
-            sb.append("\nrequest.getServletPath() :: " + pathInfo);
-            sb.append("\n============================\n");
-
+            AtlasAccessRequest atlasRequest = new AtlasAccessRequest(request, userName, groups);
             if (isDebugEnabled) {
-                LOG.debug(sb.toString());
+                LOG.debug("============================\n" + "UserName :: " + atlasRequest.getUser() + "\nGroups :: "
+                    + atlasRequest.getUserGroups() + "\nURL :: " + request.getRequestURL() + "\nAction :: "
+                    + atlasRequest.getAction() + "\nrequest.getServletPath() :: " + pathInfo
+                    + "\n============================\n");
             }
-            sb = null;
-            List<AtlasResourceTypes> atlasResourceType = getAtlasResourceType(pathInfo);
-            String resource = getAtlasResource(request, action);
-            AtlasAccessRequest atlasRequest =
-                new AtlasAccessRequest(atlasResourceType, resource, action, userName, groups);
+
             boolean accessAllowed = false;
-            try {
-                accessAllowed = authorizer.isAccessAllowed(atlasRequest);
-            } catch (AtlasAuthorizationException e) {
-                if (LOG.isErrorEnabled()) {
-                    LOG.error("Access Restricted. Could not process the request due to : " + e);
+
+            Set<AtlasResourceTypes> atlasResourceTypes = atlasRequest.getResourceTypes();
+            if (atlasResourceTypes.size() == 1 && atlasResourceTypes.contains(AtlasResourceTypes.UNKNOWN)) {
+                // Allowing access to unprotected resource types
+                if (LOG.isDebugEnabled()) {
+                    LOG.debug("Allowing access to unprotected resource types " + atlasResourceTypes);
+                }
+                accessAllowed = true;
+            } else {
+
+                try {
+                    if (authorizer != null) {
+                        accessAllowed = authorizer.isAccessAllowed(atlasRequest);
+                    }
+                } catch (AtlasAuthorizationException e) {
+                    if (LOG.isErrorEnabled()) {
+                        LOG.error("Access Restricted. Could not process the request :: " + e);
+                    }
+                }
+                if (isDebugEnabled) {
+                    LOG.debug("Authorizer result :: " + accessAllowed);
                 }
-            }
-            if (isDebugEnabled) {
-                LOG.debug("Authorizer result :: " + accessAllowed);
             }
             if (accessAllowed) {
                 if (isDebugEnabled) {
@@ -140,17 +154,17 @@ public class AtlasAuthorizationFilter extends GenericFilterBean {
                 chain.doFilter(req, res);
             } else {
                 JSONObject json = new JSONObject();
-                json.put("AuthorizationError", "Sorry you are not authorized for " + action.name() + " on "
-                    + atlasResourceType + " : " + resource);
+                json.put("AuthorizationError", "You are not authorized for " + atlasRequest.getAction().name() + " on "
+                    + atlasResourceTypes + " : " + atlasRequest.getResource());
                 HttpServletResponse response = (HttpServletResponse) res;
                 response.setContentType("application/json");
                 response.setStatus(HttpServletResponse.SC_FORBIDDEN);
 
                 response.sendError(HttpServletResponse.SC_FORBIDDEN, json.toString());
                 if (isDebugEnabled) {
-                    LOG.debug("Sorry you are not authorized for " + action.name() + " on " + atlasResourceType + " : "
-                        + resource);
-                    LOG.debug("Returning 403 since the access is blocked update!!!!");
+                    LOG.debug("You are not authorized for " + atlasRequest.getAction().name() + " on "
+                        + atlasResourceTypes + " : " + atlasRequest.getResource()
+                        + "\nReturning 403 since the access is blocked update!!!!");
                 }
                 return;
             }

webapp/src/main/java/org/apache/atlas/web/security/AtlasADAuthenticationProvider.java

@@ -22,7 +22,7 @@ import java.util.List;
 
 import javax.annotation.PostConstruct;
 
-import org.apache.atlas.util.PropertiesUtil;
+import org.apache.atlas.utils.PropertiesUtil;
 import org.apache.atlas.web.model.User;
 import org.apache.log4j.Logger;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;

webapp/src/main/java/org/apache/atlas/web/security/AtlasLdapAuthenticationProvider.java

@@ -20,7 +20,7 @@ package org.apache.atlas.web.security;
 
 import java.util.List;
 import javax.annotation.PostConstruct;
-import org.apache.atlas.util.PropertiesUtil;
+import org.apache.atlas.utils.PropertiesUtil;
 import org.apache.atlas.web.model.User;
 import org.apache.log4j.Logger;
 import org.springframework.ldap.core.support.LdapContextSource;

webapp/src/main/webapp/WEB-INF/applicationContext.xml

@@ -24,9 +24,9 @@
 
 
         <import resource="classpath:/spring-security.xml" />
-        <bean id="xmlPropertyConfigurer" class="org.apache.atlas.util.XMLPropertiesUtil" />
+        <bean id="xmlPropertyConfigurer" class="org.apache.atlas.utils.XMLPropertiesUtil" />
 
-        <bean id="propertyConfigurer" class="org.apache.atlas.util.PropertiesUtil">
+        <bean id="propertyConfigurer" class="org.apache.atlas.utils.PropertiesUtil">
                 <property name="locations">
                         <list>
                                 <value>classpath:atlas-admin-site.xml