FALCON-831 Operation on non existing entity throws internal server error. Contributed by Venkatesh Seetharam
Project: http://git-wip-us.apache.org/repos/asf/incubator-falcon/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-falcon/commit/03d3531f Tree: http://git-wip-us.apache.org/repos/asf/incubator-falcon/tree/03d3531f Diff: http://git-wip-us.apache.org/repos/asf/incubator-falcon/diff/03d3531f Branch: refs/heads/master Commit: 03d3531f16c9b2d74dcc30cc01cd9afff11db261 Parents: 73269d2 Author: Venkatesh Seetharam <venkat...@apache.org> Authored: Sun Oct 26 20:31:10 2014 -0700 Committer: Venkatesh Seetharam <venkat...@apache.org> Committed: Sun Oct 26 20:31:10 2014 -0700 ---------------------------------------------------------------------- CHANGES.txt | 3 +++ .../security/FalconAuthorizationFilter.java | 13 ++++++++--- .../security/FalconAuthorizationFilterTest.java | 23 ++++++++++++++++++++ 3 files changed, 36 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/03d3531f/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index fdeff18..9261af3 100755 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -122,6 +122,9 @@ Trunk (Unreleased) OPTIMIZATIONS BUG FIXES + FALCON-831 Operation on non existing entity throws internal server error + (Venkatesh Seetharam) + FALCON-710 start/end is optional for lifecycle operations (Balu Vellanki via Venkatesh Seetharam) http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/03d3531f/prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java b/prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java index 3daa419..884bd73 100644 --- a/prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java +++ b/prism/src/main/java/org/apache/falcon/security/FalconAuthorizationFilter.java @@ -19,6 +19,8 @@ package org.apache.falcon.security; import org.apache.falcon.FalconException; +import org.apache.falcon.FalconWebException; +import org.apache.hadoop.security.authorize.AuthorizationException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -29,6 +31,7 @@ import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.core.Response; import java.io.IOException; import java.util.ArrayList; @@ -65,9 +68,13 @@ public class FalconAuthorizationFilter implements Filter { if (isAuthorizationEnabled) { LOG.info("Authorizing user={} against request={}", CurrentUser.getUser(), requestParts); - authorizationProvider.authorizeResource(requestParts.getResource(), - requestParts.getAction(), requestParts.getEntityType(), - requestParts.getEntityName(), CurrentUser.getProxyUGI()); + try { + authorizationProvider.authorizeResource(requestParts.getResource(), + requestParts.getAction(), requestParts.getEntityType(), + requestParts.getEntityName(), CurrentUser.getProxyUGI()); + } catch (AuthorizationException e) { + throw FalconWebException.newException(e.getMessage(), Response.Status.UNAUTHORIZED); + } } filterChain.doFilter(request, response); http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/03d3531f/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java ---------------------------------------------------------------------- diff --git a/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java b/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java index 289e232..6e4885a 100644 --- a/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java +++ b/prism/src/test/java/org/apache/falcon/security/FalconAuthorizationFilterTest.java @@ -152,6 +152,29 @@ public class FalconAuthorizationFilterTest { } } + @Test (expectedExceptions = Exception.class) + public void testDoFilterForEntityWithInvalidEntity() throws Exception { + CurrentUser.authenticate("falcon"); + Filter filter = new FalconAuthorizationFilter(); + synchronized (StartupProperties.get()) { + filter.init(mockConfig); + } + + try { + StartupProperties.get().setProperty("falcon.security.authorization.enabled", "true"); + + String uri = "/entities/suspend/process/bad-entity"; + StringBuffer requestUrl = new StringBuffer("http://localhost"; + uri); + Mockito.when(mockRequest.getRequestURL()).thenReturn(requestUrl); + Mockito.when(mockRequest.getRequestURI()).thenReturn("/api" + uri); + Mockito.when(mockRequest.getPathInfo()).thenReturn(uri); + + filter.doFilter(mockRequest, mockResponse, mockChain); + } finally { + filter.destroy(); + } + } + public void addClusterEntity() throws Exception { clusterEntity = EntityBuilderTestUtil.buildCluster(CLUSTER_ENTITY_NAME); configStore.publish(EntityType.CLUSTER, clusterEntity);
