FALCON-595 Improvements to DefaultAuthorizationProvider code. Contributed by Raghav Kumar Gautam
Project: http://git-wip-us.apache.org/repos/asf/incubator-falcon/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-falcon/commit/d2a25082 Tree: http://git-wip-us.apache.org/repos/asf/incubator-falcon/tree/d2a25082 Diff: http://git-wip-us.apache.org/repos/asf/incubator-falcon/diff/d2a25082 Branch: refs/heads/master Commit: d2a25082b85f5075eef4cd50e18efe2fce67e46b Parents: 8190456 Author: Venkatesh Seetharam <venkat...@apache.org> Authored: Fri Nov 7 20:18:12 2014 -0800 Committer: Venkatesh Seetharam <venkat...@apache.org> Committed: Fri Nov 7 21:33:25 2014 -0800 ---------------------------------------------------------------------- CHANGES.txt | 3 +++ .../security/DefaultAuthorizationProvider.java | 28 +++++++------------- 2 files changed, 13 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/d2a25082/CHANGES.txt ---------------------------------------------------------------------- diff --git a/CHANGES.txt b/CHANGES.txt index d6d8747..aaea457 100755 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -129,6 +129,9 @@ Trunk (Unreleased) OPTIMIZATIONS BUG FIXES + FALCON-595 Improvements to DefaultAuthorizationProvider code + (Raghav Kumar Gautam via Venkatesh Seetharam) + FALCON-868 Rerun command incorrect in falcon CLI documentation (Karishma Gulati via Venkatesh Seetharam) http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/d2a25082/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java index b59718c..d2d48c7 100644 --- a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java 
+++ b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java @@ -85,9 +85,9 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider { /** * Super user group. */ - private String superUserGroup; - private Set<String> adminUsers; - private Set<String> adminGroups; + private final String superUserGroup; + private final Set<String> adminUsers; + private final Set<String> adminGroups; public DefaultAuthorizationProvider() { superUserGroup = StartupProperties.get().getProperty(SUPER_USER_GROUP_KEY); @@ -95,14 +95,14 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider { adminGroups = getAdminNamesFromConfig(ADMIN_GROUPS_KEY); } - private HashSet<String> getAdminNamesFromConfig(String key) { - HashSet<String> adminNames = new HashSet<String>(); + private Set<String> getAdminNamesFromConfig(String key) { + Set<String> adminNames = new HashSet<String>(); String adminNamesConfig = StartupProperties.get().getProperty(key); if (!StringUtils.isEmpty(adminNamesConfig)) { adminNames.addAll(Arrays.asList(adminNamesConfig.split(","))); } - return adminNames; + return Collections.unmodifiableSet(adminNames); } /** @@ -180,8 +180,7 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider { } protected Set<String> getGroupNames(UserGroupInformation proxyUgi) { - HashSet<String> s = new HashSet<String>(Arrays.asList(proxyUgi.getGroupNames())); - return Collections.unmodifiableSet(s); + return new HashSet<String>(Arrays.asList(proxyUgi.getGroupNames())); } /** 
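Review bot: In `getAdminNamesFromConfig`, the pieces of `adminNamesConfig.split(",")` go into the set untrimmed, so a property written as `alice, bob` stores `" bob"`, which will not equal the name it is later compared with, and that admin entry is silently ignored. These sets decide who is treated as an administrator, so I would normalise each entry before adding it, e.g. `for (String name : adminNamesConfig.split(",")) { if (!name.trim().isEmpty()) { adminNames.add(name.trim()); } }`. Whether the property is documented as whitespace-free is not visible in this hunk, so treat this as hardening rather than a confirmed bug. A one-line Javadoc stating the expected format (comma-separated, returned set is unmodifiable) would also help.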
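Review bot: `getGroupNames` now returns a mutable `HashSet` only because the rewritten `isUserInAdminGroups` (the `@@ -288,16 +287,9 @@` hunk) calls `groups.retainAll(adminGroups)` on the result, which ties an authorization check to an undocumented guarantee of a `protected`, overridable method. If a subclass returns an unmodifiable or shared set, `retainAll` either throws `UnsupportedOperationException` in the middle of the admin check or removes groups from a set that other callers still read. A non-mutating test avoids the coupling: keep the `Collections.unmodifiableSet(...)` return here and write the check as `return !Collections.disjoint(getGroupNames(proxyUgi), adminGroups);`. If the mutable return is kept, a Javadoc line on `getGroupNames` should state that callers receive a fresh, modifiable copy.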
@@ -288,16 +287,9 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider { } protected boolean isUserInAdminGroups(UserGroupInformation proxyUgi) { - Set<String> groups = getGroupNames(proxyUgi); - boolean isUserGroupInAdmin = false; - for (String group : groups) { - if (adminGroups.contains(group)) { - isUserGroupInAdmin = true; - break; - } - } - - return isUserGroupInAdmin; + final Set<String> groups = getGroupNames(proxyUgi); + groups.retainAll(adminGroups); + return !groups.isEmpty(); } protected void authorizeEntityResource(UserGroupInformation authenticatedUGI,