This is an automated email from the ASF dual-hosted git repository.
roryqi pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/gravitino.git
The following commit(s) were added to refs/heads/main by this push:
new 78e3dbbf88 [#7746] improvement(authz) :Use Jcasbin as the default
implementation of GravitinoAuthorizer (#7839)
78e3dbbf88 is described below
commit 78e3dbbf880375ace59aa91b42ac9461a77fef08
Author: yangyang zhong <[email protected]>
AuthorDate: Mon Aug 4 16:31:12 2025 +0800
[#7746] improvement(authz) :Use Jcasbin as the default implementation of
GravitinoAuthorizer (#7839)
### What changes were proposed in this pull request?
Use Jcasbin as the default implementation of GravitinoAuthorizer
### Why are the changes needed?
Fix: #7746
### Does this PR introduce _any_ user-facing change?
None
### How was this patch tested?
None
---
.../authorization/ranger/integration/test/RangerBaseE2EIT.java | 9 +++++++++
.../authorization/ranger/integration/test/RangerFilesetIT.java | 3 +++
.../test/authorization/BaseRestApiAuthorizationIT.java | 3 ---
.../integration/test/authorization/CheckCurrentUserIT.java | 3 +++
.../gravitino/client/integration/test/authorization/OwnerIT.java | 3 +++
core/src/main/java/org/apache/gravitino/Configs.java | 2 +-
6 files changed, 19 insertions(+), 4 deletions(-)
diff --git
a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
index f75625f518..3c38ba0908 100644
---
a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
+++
b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerBaseE2EIT.java
@@ -31,6 +31,7 @@ import java.util.List;
import org.apache.commons.io.FileUtils;
import org.apache.gravitino.Catalog;
import org.apache.gravitino.CatalogChange;
+import org.apache.gravitino.Configs;
import org.apache.gravitino.MetadataObject;
import org.apache.gravitino.MetadataObjects;
import org.apache.gravitino.MetalakeChange;
@@ -135,6 +136,14 @@ public abstract class RangerBaseE2EIT extends BaseIT {
FileUtils.writeStringToFile(new File(xmlPath), templateContext,
StandardCharsets.UTF_8);
}
+ @Override
+ public void startIntegrationTest() throws Exception {
+ customConfigs.put(
+ Configs.AUTHORIZATION_IMPL.getKey(),
+ "org.apache.gravitino.server.authorization.PassThroughAuthorizer");
+ super.startIntegrationTest();
+ }
+
protected void cleanIT() {
if (client != null) {
Arrays.stream(catalog.asSchemas().listSchemas())
diff --git
a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerFilesetIT.java
b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerFilesetIT.java
index f1e2b14470..be3b87f0b4 100644
---
a/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerFilesetIT.java
+++
b/authorizations/authorization-ranger/src/test/java/org/apache/gravitino/authorization/ranger/integration/test/RangerFilesetIT.java
@@ -94,6 +94,9 @@ public class RangerFilesetIT extends BaseIT {
configs.put(Configs.SERVICE_ADMINS.getKey(), RangerITEnv.HADOOP_USER_NAME);
configs.put(Configs.AUTHENTICATORS.getKey(),
AuthenticatorType.SIMPLE.name().toLowerCase());
configs.put("SimpleAuthUserName", AuthConstants.ANONYMOUS_USER);
+ configs.put(
+ Configs.AUTHORIZATION_IMPL.getKey(),
+ "org.apache.gravitino.server.authorization.PassThroughAuthorizer");
registerCustomConfigs(configs);
super.startIntegrationTest();
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BaseRestApiAuthorizationIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BaseRestApiAuthorizationIT.java
index 776bb23c5e..0616ce8d36 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BaseRestApiAuthorizationIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/BaseRestApiAuthorizationIT.java
@@ -23,7 +23,6 @@ import org.apache.gravitino.Configs;
import org.apache.gravitino.client.GravitinoAdminClient;
import org.apache.gravitino.client.GravitinoMetalake;
import org.apache.gravitino.integration.test.util.BaseIT;
-import org.apache.gravitino.server.authorization.jcasbin.JcasbinAuthorizer;
import org.junit.jupiter.api.AfterAll;
import org.junit.jupiter.api.BeforeAll;
import org.slf4j.Logger;
@@ -53,8 +52,6 @@ public class BaseRestApiAuthorizationIT extends BaseIT {
USER,
Configs.ENABLE_AUTHORIZATION.getKey(),
"true",
- Configs.AUTHORIZATION_IMPL.getKey(),
- JcasbinAuthorizer.class.getCanonicalName(),
Configs.CACHE_ENABLED.getKey(),
"false",
Configs.AUTHENTICATORS.getKey(),
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CheckCurrentUserIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CheckCurrentUserIT.java
index a7339ba0db..517a92a99f 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CheckCurrentUserIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/CheckCurrentUserIT.java
@@ -67,6 +67,9 @@ public class CheckCurrentUserIT extends BaseIT {
Map<String, String> configs = Maps.newHashMap();
configs.put(Configs.ENABLE_AUTHORIZATION.getKey(), String.valueOf(true));
configs.put(Configs.SERVICE_ADMINS.getKey(), AuthConstants.ANONYMOUS_USER);
+ configs.put(
+ Configs.AUTHORIZATION_IMPL.getKey(),
+ "org.apache.gravitino.server.authorization.PassThroughAuthorizer");
registerCustomConfigs(configs);
super.startIntegrationTest();
diff --git
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/OwnerIT.java
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/OwnerIT.java
index 32ca7bd778..280489f6db 100644
---
a/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/OwnerIT.java
+++
b/clients/client-java/src/test/java/org/apache/gravitino/client/integration/test/authorization/OwnerIT.java
@@ -65,6 +65,9 @@ public class OwnerIT extends BaseIT {
Map<String, String> configs = Maps.newHashMap();
configs.put(Configs.ENABLE_AUTHORIZATION.getKey(), String.valueOf(true));
configs.put(Configs.SERVICE_ADMINS.getKey(), AuthConstants.ANONYMOUS_USER);
+ configs.put(
+ Configs.AUTHORIZATION_IMPL.getKey(),
+ "org.apache.gravitino.server.authorization.PassThroughAuthorizer");
registerCustomConfigs(configs);
super.startIntegrationTest();
diff --git a/core/src/main/java/org/apache/gravitino/Configs.java
b/core/src/main/java/org/apache/gravitino/Configs.java
index 8c283630eb..d90e069bc2 100644
--- a/core/src/main/java/org/apache/gravitino/Configs.java
+++ b/core/src/main/java/org/apache/gravitino/Configs.java
@@ -290,7 +290,7 @@ public class Configs {
.doc("Metadata authorization implementation")
.version(ConfigConstants.VERSION_1_0_0)
.stringConf()
-
.createWithDefault("org.apache.gravitino.server.authorization.PassThroughAuthorizer");
+
.createWithDefault("org.apache.gravitino.server.authorization.jcasbin.JcasbinAuthorizer");
public static final ConfigEntry<List<String>> SERVICE_ADMINS =
new ConfigBuilder("gravitino.authorization.serviceAdmins")
