
Apache Ranger Java API User Guide

This section provides some examples of how to use the Apache Ranger Java API to interact with the Ranger service programmatically. Here are the Apache Ranger REST API reference and the Java API documentation.

Getting Started

Privacera hosts its customized Apache Ranger Java client libraries in a Maven repository. You can include these libraries in your project to interact with the Ranger service programmatically.

Maven Repository:

Add Privacera's Apache Ranger Maven repository to your project's build configuration file.

Maven Configuration

XML
<repositories>
    <repository>
        <id>privacera-repo</id>
        <url>https://s3.amazonaws.com/privacera-maven-repo-prod/</url>
    </repository>
</repositories>

Gradle Configuration

Text Only
repositories {
    maven {
        url 'https://s3.amazonaws.com/privacera-maven-repo-prod/'
    }
}

Apache Ranger Dependencies:

Include the necessary Ranger Java client libraries in your project's build configuration (e.g., Maven, Gradle).

Maven Dependency

XML
<dependency>
    <groupId>org.apache.ranger</groupId>
    <artifactId>ranger-intg</artifactId>
    <version>10.24.0.23</version> <!-- Replace with the appropriate version -->
</dependency>

Gradle Dependency

Text Only
dependencies {
    implementation 'org.apache.ranger:ranger-intg:10.24.0.23' // Replace with the appropriate version
}

Create a Ranger Admin Client:

Java
import org.apache.ranger.RangerClient;

public class RangerClientExample {
    public static void main(String[] args) {
        // Use https:// outside of test setups: BASIC auth sends the password base64-encoded, not encrypted.
        String rangerAdminUrl = "http://<ranger_admin_host>:<ranger_admin_port>"; // Replace with your Ranger Admin URL
        String username = "admin";
        String password = "_your_admin_password_";
        String authType = "BASIC";

        // For Apache Ranger with self-signed SSL enabled, refer to the SSL configuration example provided below.

        // The last argument is the path to the SSL configuration file (null when SSL is not used).
        RangerClient rangerClient = new RangerClient(rangerAdminUrl, authType, username, password, null);
    }
}

Sample 'ssl-client.xml' configuration file for Apache Ranger with self-signed SSL enabled:

Text Only
<configuration>
    <property>
        <name>xasecure.policymgr.clientssl.truststore</name>
        <value></value>
    </property>
    <property>
        <name>xasecure.policymgr.clientssl.truststore.credential.file</name>
        <value></value>
    </property>
    <property>
        <name>xasecure.policymgr.clientssl.truststore.type</name>
        <value></value>
    </property>
</configuration>

Examples:

Fetch Policies

To retrieve policies for a specific service:

Java
import org.apache.ranger.RangerClient;
import org.apache.ranger.plugin.model.RangerPolicy;
import java.util.List;

public class FetchPoliciesExample {
    public static void main(String[] args) {
        String serviceName = "privacera_s3"; // Replace with your service name
        String rangerAdminUrl = "http://<ranger_admin_host>:<ranger_admin_port>"; // Replace with your Ranger Admin URL
        String username = "admin";
        String password = "_your_admin_password_";
        String authType = "BASIC";
        String cfg = "ssl-client.xml"; // Path to the SSL configuration file

        RangerClient rangerClient = new RangerClient(rangerAdminUrl, authType, username, password, cfg);

        try {
            // Returns every policy defined in the named service
            List<RangerPolicy> policies = rangerClient.getPoliciesInService(serviceName);
            for (RangerPolicy policy : policies) {
                System.out.println("Policy Name: " + policy.getName());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
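
An added example, not part of the Privacera guide or the Ranger project's own code: a review pass over the list returned by getPoliciesInService that flags allow items granted to Ranger's built-in "public" group (which matches every user) or carrying delegateAdmin. The class name PolicyGrantAudit and the constructed sample policy are assumptions; the getters are those of the upstream Apache Ranger RangerPolicy model and are assumed to be unchanged in the customized library.

```java
import org.apache.ranger.plugin.model.RangerPolicy;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;

public class PolicyGrantAudit {
    // "public" is Ranger's built-in group that matches every user.
    private static final String PUBLIC_GROUP = "public";
    /** One finding per allow item, in an enabled policy, that grants to "public" or delegates admin. */
    static List<String> audit(List<RangerPolicy> policies) {
        List<String> findings = new ArrayList<>();
        for (RangerPolicy policy : policies) {
            if (Boolean.FALSE.equals(policy.getIsEnabled())) {
                continue; // disabled policies are not enforced
            }
            for (RangerPolicy.RangerPolicyItem item : policy.getPolicyItems()) {
                if (item.getGroups().contains(PUBLIC_GROUP)) {
                    findings.add(policy.getName() + ": group 'public' allowed " + accessTypes(item));
                }
                if (Boolean.TRUE.equals(item.getDelegateAdmin())) {
                    findings.add(policy.getName() + ": delegateAdmin granted to users "
                            + item.getUsers() + ", groups " + item.getGroups());
                }
            }
        }
        return findings;
    }

    // Access types on the item that are actually switched on.
    private static List<String> accessTypes(RangerPolicy.RangerPolicyItem item) {
        return item.getAccesses().stream()
                .filter(a -> !Boolean.FALSE.equals(a.getIsAllowed()))
                .map(RangerPolicy.RangerPolicyItemAccess::getType)
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample policy so the check runs without a server; with a live
        // client, pass rangerClient.getPoliciesInService(serviceName) to audit() instead.
        RangerPolicy.RangerPolicyItem item = new RangerPolicy.RangerPolicyItem();
        item.setGroups(Arrays.asList("public"));
        item.setAccesses(Arrays.asList(new RangerPolicy.RangerPolicyItemAccess("read", true)));
        item.setDelegateAdmin(true);
        RangerPolicy sample = new RangerPolicy();
        sample.setName("constructed-sample");
        sample.setPolicyItems(Arrays.asList(item));
        audit(Arrays.asList(sample)).forEach(System.out::println);
    }
}
```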

Create Policy

To create a new policy for a service:

Java
        /*
        Create a new Policy
         */
        // RangerPolicyResource arguments: values, isExcludes, isRecursive
        Map<String, RangerPolicy.RangerPolicyResource> resource = Collections.singletonMap(
                "root", new RangerPolicy.RangerPolicyResource(Collections.singletonList("/path/to/sample/resource"), false, false));
        RangerPolicy policy = new RangerPolicy();
        policy.setService(serviceName);
        policy.setZoneName(zoneName);
        policy.setName(policyName);
        policy.setResources(resource);

        // The returned object carries the server-assigned policy ID used by the update calls
        RangerPolicy createdPolicy = rangerClient.createPolicy(policy);

Update Policy to give access to a user

To update an existing policy to grant read access to a user:

Java
        /*
        Update an existing Policy to give access to a user
         */
        RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
        policyItem.setDelegateAdmin(false);
        policyItem.setUsers(Arrays.asList("johndoe"));
        policyItem.setAccesses(Arrays.asList(new RangerPolicy.RangerPolicyItemAccess("read", true)));
        boolean isAllowException = false; // Set to true if you want to update allow exceptions
        RangerPolicy updatedPolicy = rangerClient.grantAccess(policy.getId(), Arrays.asList(policyItem), isAllowException);

        // The returned updatedPolicy object contains the updated policy details 

Update Policy to give additional access to a user

To update an existing policy to grant additional 'write' access to a user:

Java
        /*
        Update an existing Policy to give access to a user
         */
        RangerPolicy.RangerPolicyItem policyItem = new RangerPolicy.RangerPolicyItem();
        policyItem.setDelegateAdmin(false);
        policyItem.setUsers(Arrays.asList("johndoe"));
        policyItem.setAccesses(Arrays.asList(new RangerPolicy.RangerPolicyItemAccess("write", true)));
        boolean isAllowException = false; // Set to true if you want to update allow exceptions
        RangerPolicy updatedPolicy = rangerClient.grantAccess(policy.getId(), Arrays.asList(policyItem), isAllowException);

        // The returned updatedPolicy object contains the updated policy details with "read" and "write" access to user 'johndoe'

Update policy to remove access for a user

Java
      Map<RangerPrincipal.PrincipalType, List<String>> principalsToDelete = new HashMap<>();
      principalsToDelete.put(RangerPrincipal.PrincipalType.USER, Arrays.asList("johndoe"));
      boolean isAllowException = false; // Set to true if you want to delete allow exceptions
      // An empty permissions list removes the user from the policy entirely
      RangerPolicy updatedPolicy = rangerClient.deleteAccess(policy.getId(), principalsToDelete, new ArrayList<>(), isAllowException);

      // The returned updatedPolicy object contains the updated policy details without the user 'johndoe'

Update policy to remove a permission for a given user, e.g., remove the 'select' permission

Java
      import java.util.Arrays;

      Map<RangerPrincipal.PrincipalType, List<String>> principalsToDelete = new HashMap<>();
      principalsToDelete.put(RangerPrincipal.PrincipalType.USER, Arrays.asList("johndoe"));
      List<String> permissions = Arrays.asList("select");
      boolean isAllowException = false; // Set to true if you want to delete allow exceptions
      RangerPolicy updatedPolicy = rangerClient.deleteAccess(policy.getId(), principalsToDelete, permissions, isAllowException);

      // The returned updatedPolicy object contains the updated policy details without the 'select' permission for user 'johndoe'

Add a deny access policy

Java
        /*
        Add a deny access policy
         */
        RangerPolicy.RangerPolicyItem denyPolicyItem = new RangerPolicy.RangerPolicyItem();
        denyPolicyItem.setDelegateAdmin(false);
        denyPolicyItem.setUsers(Arrays.asList("johndoe"));
        denyPolicyItem.setAccesses(Arrays.asList(new RangerPolicy.RangerPolicyItemAccess("write", false)));
        boolean isDenyException = false; // Set to true if you want to add deny exceptions
        RangerPolicy updatedPolicy = rangerClient.denyAccess(policy.getId(), Arrays.asList(denyPolicyItem), isDenyException);

Add a resource to Security Zone identified by zone ID

Java
   // Create a resource map, e.g. for the S3 bucket named 'bucket-1'
   Map<String, List<String>> resourceMap = new HashMap<>();
   resourceMap.put("bucketname", Arrays.asList("bucket-1"));
   resourceMap.put("objectpath", Arrays.asList("*"));

   // Create a security zone resource using the resource map
   RangerSecurityZoneV2.RangerSecurityZoneResource securityZoneResource = new RangerSecurityZoneV2.RangerSecurityZoneResource(resourceMap);

   // Create a security zone service using the security zone resource
   RangerSecurityZoneV2.RangerSecurityZoneServiceV2 securityZoneServiceV2 = new RangerSecurityZoneV2.RangerSecurityZoneServiceV2();
   securityZoneServiceV2.setResources(Arrays.asList(securityZoneResource));

   // Create a security zone service map using the security zone service
   Map<String, RangerSecurityZoneV2.RangerSecurityZoneServiceV2> serviceMap = new HashMap<>();
   serviceMap.put("privacera_s3", securityZoneServiceV2);

   // Create a security zone change request to add the resource to the security zone
   RangerSecurityZoneV2.RangerSecurityZoneChangeRequest securityZoneChangeRequest = new RangerSecurityZoneV2.RangerSecurityZoneChangeRequest();
   securityZoneChangeRequest.setResourcesToUpdate(serviceMap);

   // 175L is the ID of the security zone to update
   boolean result = rangerClient.updateSecurityZoneV2Partially(175L, securityZoneChangeRequest);
   if (result) {
       LOG.info("Security Zone updated successfully");
   } else {
       LOG.info("Security Zone update failed");
   }
