morningman commented on code in PR #40750:
URL: https://github.com/apache/doris/pull/40750#discussion_r1771445241
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -52,19 +55,51 @@ public class AccessControllerManager {
private static final Logger LOG =
LogManager.getLogger(AccessControllerManager.class);
private Auth auth;
+ // Default access controller instance used for handling cases where no
specific controller is specified
private CatalogAccessController defaultAccessController;
+ // Map that stores the mapping between catalogs and their corresponding
access controllers
private Map<String, CatalogAccessController> ctlToCtlAccessController =
Maps.newConcurrentMap();
+ // Cache of loaded access controller factories for quick creation of new
access controllers
+ private ConcurrentHashMap<String, AccessControllerFactory>
accessControllerFactoriesCache
+ = new ConcurrentHashMap<>();
+ // Mapping between access controller class names and their identifiers for
easy lookup of factory identifiers
+ private ConcurrentHashMap<String, String> accessControllerClassNameMapping
= new ConcurrentHashMap<>();
public AccessControllerManager(Auth auth) {
this.auth = auth;
- if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
- defaultAccessController = new
RangerCacheDorisAccessController("doris");
- } else {
- defaultAccessController = new InternalAccessController(auth);
- }
+ loadAccessControllerPlugins();
+ String accessControllerName = Config.access_controller_type;
+ this.defaultAccessController =
loadAccessControllerOrThrow(accessControllerName);
ctlToCtlAccessController.put(InternalCatalog.INTERNAL_CATALOG_NAME,
defaultAccessController);
}
+ private CatalogAccessController loadAccessControllerOrThrow(String
accessControllerName) {
+ if (accessControllerName.equalsIgnoreCase("default")) {
+ return new InternalAccessController(auth);
+ }
+ if (accessControllerFactoriesCache.containsKey(accessControllerName)) {
+ Map<String, String> prop;
+ try {
+ prop = PropertiesUtils.loadAccessControllerPropertiesOrNull();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to load authorization
properties,"
+ + "please check the configuration file, authorization
name is " + accessControllerName, e);
+ }
+ return
accessControllerFactoriesCache.get(accessControllerName).createAccessController(prop);
+ }
+ throw new RuntimeException("No authorization plugin factory found for
" + accessControllerName
+ + "Please confirm that your plugin is placed in the correct
location.");
Review Comment:
```suggestion
+ ". Please confirm that your plugin is placed in the
correct location.");
```
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -94,23 +129,28 @@ public boolean checkIfAccessControllerExist(String ctl) {
}
public void createAccessController(String ctl, String acFactoryClassName,
Map<String, String> prop,
- boolean isDryRun) {
- Class<?> factoryClazz = null;
- try {
- factoryClazz = Class.forName(acFactoryClassName);
- AccessControllerFactory factory = (AccessControllerFactory)
factoryClazz.newInstance();
- CatalogAccessController accessController =
factory.createAccessController(prop);
- if (!isDryRun) {
- ctlToCtlAccessController.put(ctl, accessController);
- LOG.info("create access controller {} for catalog {}", ctl,
acFactoryClassName);
- }
- } catch (ClassNotFoundException e) {
- throw new RuntimeException(e);
- } catch (InstantiationException e) {
- throw new RuntimeException(e);
- } catch (IllegalAccessException e) {
- throw new RuntimeException(e);
+ boolean isDryRun) {
+ String pluginIdentifier =
getPluginIdentifierForAccessController(acFactoryClassName);
+ CatalogAccessController accessController =
accessControllerFactoriesCache.get(pluginIdentifier)
+ .createAccessController(prop);
+ if (!isDryRun) {
+ ctlToCtlAccessController.put(ctl, accessController);
+ LOG.info("create access controller {} for catalog {}", ctl,
acFactoryClassName);
Review Comment:
```suggestion
LOG.info("create access controller {} for catalog {}",
acFactoryClassName, ctl);
```
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -52,19 +55,51 @@ public class AccessControllerManager {
private static final Logger LOG =
LogManager.getLogger(AccessControllerManager.class);
private Auth auth;
+ // Default access controller instance used for handling cases where no
specific controller is specified
private CatalogAccessController defaultAccessController;
+ // Map that stores the mapping between catalogs and their corresponding
access controllers
private Map<String, CatalogAccessController> ctlToCtlAccessController =
Maps.newConcurrentMap();
+ // Cache of loaded access controller factories for quick creation of new
access controllers
+ private ConcurrentHashMap<String, AccessControllerFactory>
accessControllerFactoriesCache
+ = new ConcurrentHashMap<>();
+ // Mapping between access controller class names and their identifiers for
easy lookup of factory identifiers
+ private ConcurrentHashMap<String, String> accessControllerClassNameMapping
= new ConcurrentHashMap<>();
public AccessControllerManager(Auth auth) {
this.auth = auth;
- if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
- defaultAccessController = new
RangerCacheDorisAccessController("doris");
- } else {
- defaultAccessController = new InternalAccessController(auth);
- }
+ loadAccessControllerPlugins();
+ String accessControllerName = Config.access_controller_type;
+ this.defaultAccessController =
loadAccessControllerOrThrow(accessControllerName);
ctlToCtlAccessController.put(InternalCatalog.INTERNAL_CATALOG_NAME,
defaultAccessController);
}
+ private CatalogAccessController loadAccessControllerOrThrow(String
accessControllerName) {
+ if (accessControllerName.equalsIgnoreCase("default")) {
+ return new InternalAccessController(auth);
+ }
+ if (accessControllerFactoriesCache.containsKey(accessControllerName)) {
+ Map<String, String> prop;
+ try {
+ prop = PropertiesUtils.loadAccessControllerPropertiesOrNull();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to load authorization
properties,"
Review Comment:
```suggestion
throw new RuntimeException("Failed to load authorization
properties."
```
##########
fe/fe-core/src/main/java/org/apache/doris/mysql/privilege/AccessControllerManager.java:
##########
@@ -52,19 +55,51 @@ public class AccessControllerManager {
private static final Logger LOG =
LogManager.getLogger(AccessControllerManager.class);
private Auth auth;
+ // Default access controller instance used for handling cases where no
specific controller is specified
private CatalogAccessController defaultAccessController;
+ // Map that stores the mapping between catalogs and their corresponding
access controllers
private Map<String, CatalogAccessController> ctlToCtlAccessController =
Maps.newConcurrentMap();
+ // Cache of loaded access controller factories for quick creation of new
access controllers
+ private ConcurrentHashMap<String, AccessControllerFactory>
accessControllerFactoriesCache
+ = new ConcurrentHashMap<>();
+ // Mapping between access controller class names and their identifiers for
easy lookup of factory identifiers
+ private ConcurrentHashMap<String, String> accessControllerClassNameMapping
= new ConcurrentHashMap<>();
public AccessControllerManager(Auth auth) {
this.auth = auth;
- if (Config.access_controller_type.equalsIgnoreCase("ranger-doris")) {
- defaultAccessController = new
RangerCacheDorisAccessController("doris");
- } else {
- defaultAccessController = new InternalAccessController(auth);
- }
+ loadAccessControllerPlugins();
+ String accessControllerName = Config.access_controller_type;
+ this.defaultAccessController =
loadAccessControllerOrThrow(accessControllerName);
ctlToCtlAccessController.put(InternalCatalog.INTERNAL_CATALOG_NAME,
defaultAccessController);
}
+ private CatalogAccessController loadAccessControllerOrThrow(String
accessControllerName) {
+ if (accessControllerName.equalsIgnoreCase("default")) {
+ return new InternalAccessController(auth);
+ }
+ if (accessControllerFactoriesCache.containsKey(accessControllerName)) {
+ Map<String, String> prop;
+ try {
+ prop = PropertiesUtils.loadAccessControllerPropertiesOrNull();
+ } catch (IOException e) {
+ throw new RuntimeException("Failed to load authorization
properties,"
+ + "please check the configuration file, authorization
name is " + accessControllerName, e);
Review Comment:
```suggestion
+ " Please check the configuration file,
authorization name is " + accessControllerName, e);
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
