Repository: sqoop Updated Branches: refs/heads/sqoop2 3611112e2 -> 9b96277b4
SQOOP-2183: Sqoop2: Change resource type, privilege action and principal type from String to Enum. (Richard Zhou via Abraham Elmahrek) Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/9b96277b Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/9b96277b Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/9b96277b Branch: refs/heads/sqoop2 Commit: 9b96277b4db27682765cffc6f93f81648cab6ef9 Parents: 3611112 Author: Abraham Elmahrek <[email protected]> Authored: Mon Mar 9 00:22:00 2015 -0700 Committer: Abraham Elmahrek <[email protected]> Committed: Mon Mar 9 00:22:55 2015 -0700 ---------------------------------------------------------------------- .../java/org/apache/sqoop/model/MPrincipal.java | 19 +++++- .../java/org/apache/sqoop/model/MPrivilege.java | 21 ++++++- .../java/org/apache/sqoop/model/MResource.java | 19 +++++- .../Authorization/AuthorizationEngine.java | 65 +++++++------------- .../sqoop/handler/ConnectorRequestHandler.java | 5 +- .../apache/sqoop/handler/JobRequestHandler.java | 8 +-- .../sqoop/handler/LinkRequestHandler.java | 8 +-- 7 files changed, 83 insertions(+), 62 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java index 471d63e..1fbf971 100644 --- a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java +++ b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java 
@@ -22,11 +22,13 @@ package org.apache.sqoop.model; */ public class MPrincipal { + public static enum TYPE {USER, GROUP, ROLE} + private final String name; /** * Currently, the type supports user, group and role. */ - private final String type; + private final TYPE type; /** * Default constructor to build new MPrincipal model. @@ -35,11 +37,22 @@ public class MPrincipal { * @param type Principal type */ public MPrincipal(String name, - String type) { + TYPE type) { this.name = name; this.type = type; } + /** + * constructor to build new MPrincipal model. + * + * @param name Principal name + * @param typeName Principal type name + */ + public MPrincipal(String name, + String typeName) { + this(name, TYPE.valueOf(typeName.toUpperCase())); + } + @Override public String toString() { StringBuilder sb = new StringBuilder("Principal ("); @@ -55,6 +68,6 @@ public class MPrincipal { } public String getType() { - return type; + return type.name(); } } http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java index 25f7195..e10f094 100644 --- a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java +++ b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java @@ -22,11 +22,13 @@ package org.apache.sqoop.model; */ public class MPrivilege { + public static enum ACTION {ALL, READ, WRITE} + private final MResource resource; /** * Currently, the action supports view, use, create, update, delete and enable_disable. */ - private final String action; + private final ACTION action; private final boolean with_grant_option; 
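Review bot: The new `MPrincipal(String name, String typeName)` constructor converts its argument with `TYPE.valueOf(typeName.toUpperCase())`, which throws NullPointerException for a null name, IllegalArgumentException for an unknown one, and upper-cases with the JVM default locale. Under a Turkish default locale "write" and "link" upper-case to strings containing a dotted İ, so the identical pattern in the `MPrivilege` and `MResource` String constructors later in this commit would reject valid names. The callers of these constructors are not in this diff; if any of them pass type names taken from requests, use `TYPE.valueOf(typeName.toUpperCase(Locale.ROOT))` with `java.util.Locale` imported. In that case also translate the two runtime exceptions into a `SqoopException`, so a malformed name is a clean rejection rather than an unhandled error inside the authorization model.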
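Review bot: The field comment kept above `private final ACTION action;` in MPrivilege still says the action "supports view, use, create, update, delete and enable_disable", but the enum added in this hunk is `ACTION {ALL, READ, WRITE}`, so the documentation of the privilege model names actions that can no longer be expressed. Replace it with something like `/** Privilege action: ALL, READ or WRITE. */`. The first MResource hunk has the same mismatch: its comment lists "connector, link, job and submission" while `TYPE` is `{SERVER, CONNECTOR, LINK, JOB}`.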
@@ -38,13 +40,26 @@ public class MPrivilege { * @param with_grant_option Privilege with_grant_option */ public MPrivilege(MResource resource, - String action, + ACTION action, boolean with_grant_option) { this.resource = resource; this.action = action; this.with_grant_option = with_grant_option; } + /** + * constructor to build new MPrivilege model. + * + * @param resource Privilege resource + * @param actionName Privilege action name + * @param with_grant_option Privilege with_grant_option + */ + public MPrivilege(MResource resource, + String actionName, + boolean with_grant_option) { + this(resource, ACTION.valueOf(actionName.toUpperCase()), with_grant_option); + } + @Override public String toString() { StringBuilder sb = new StringBuilder("Privilege ("); @@ -61,7 +76,7 @@ public class MPrivilege { } public String getAction() { - return action; + return action.name(); } public boolean isWith_grant_option() { http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/common/src/main/java/org/apache/sqoop/model/MResource.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/sqoop/model/MResource.java b/common/src/main/java/org/apache/sqoop/model/MResource.java index b21ce19..1185e48 100644 --- a/common/src/main/java/org/apache/sqoop/model/MResource.java +++ b/common/src/main/java/org/apache/sqoop/model/MResource.java @@ -22,11 +22,13 @@ package org.apache.sqoop.model; */ public class MResource { + public static enum TYPE {SERVER, CONNECTOR, LINK, JOB} + private final String name; /** * Currently, the type supports connector, link, job and submission. */ - private final String type; + private final TYPE type; /** * Default constructor to build new MResource model. 
@@ -35,11 +37,22 @@ public class MResource { * @param type Resource type */ public MResource(String name, - String type) { + TYPE type) { this.name = name; this.type = type; } + /** + * constructor to build new MResource model. + * + * @param name Resource name + * @param typeName Resource type name + */ + public MResource(String name, + String typeName) { + this(name, TYPE.valueOf(typeName.toUpperCase())); + } + @Override public String toString() { StringBuilder sb = new StringBuilder("Resource ("); @@ -55,6 +68,6 @@ public class MResource { } public String getType() { - return type; + return type.name(); } } http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java index 09a9f38..d261027 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java 
@@ -38,36 +38,15 @@ public class AuthorizationEngine { private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class); /** - * Role type - */ - public enum RoleType { - USER, GROUP, ROLE - } - - /** - * Resource type - */ - public enum ResourceType { - SERVER, CONNECTOR, LINK, JOB - } - - /** - * Action type in Privilege - */ - public enum PrivilegeActionType { - ALL, READ, WRITE - } - - /** * Filter resources, get all valid resources from all resources */ - public static <T extends MPersistableEntity> List<T> filterResource(final ResourceType type, List<T> resources) throws SqoopException { + public static <T extends MPersistableEntity> List<T> filterResource(final MResource.TYPE type, List<T> resources) throws SqoopException { Collection<T> collection = Collections2.filter(resources, new Predicate<T>() { @Override public boolean apply(T input) { try { String name = String.valueOf(input.getPersistenceId()); - checkPrivilege(getPrivilege(type, name, PrivilegeActionType.READ)); + checkPrivilege(getPrivilege(type, name, MPrivilege.ACTION.READ)); // add valid resource return true; } catch (Exception e) { 
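Review bot: In `filterResource` the predicate wraps `checkPrivilege(...)` in `catch (Exception e)`, so any failure, not only a denied privilege, removes the resource from the result. That fails closed, which is the right default, but an error in the authorization backend then looks the same as "no access" to the caller. The catch body lies outside this hunk; if it does not already log, add something like `LOG.debug("Resource filtered out: " + input.getPersistenceId(), e);` or catch only the exception type the handler throws on denial. The submission filter in the `@@ -146,7 +125,7 @@` hunk has the same shape.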
@@ -83,58 +62,58 @@ public class AuthorizationEngine { * Link related function */ public static void createLink(String connectorId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ)); + checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); } public static void updateLink(String connectorId, String linkId) throws SqoopException { - MPrivilege privilege1 = getPrivilege(ResourceType.CONNECTOR, connectorId, PrivilegeActionType.READ); - MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE); + MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ); + MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE); checkPrivilege(privilege1, privilege2); } public static void deleteLink(String linkId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE)); + checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE)); } public static void enableDisableLink(String linkId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.LINK, linkId, PrivilegeActionType.WRITE)); + checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE)); } /** * Job related function */ public static void createJob(String linkId1, String linkId2) throws SqoopException { - MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ); - MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ); + MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); + MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); checkPrivilege(privilege1, privilege2); } public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException { - 
MPrivilege privilege1 = getPrivilege(ResourceType.LINK, linkId1, PrivilegeActionType.READ); - MPrivilege privilege2 = getPrivilege(ResourceType.LINK, linkId2, PrivilegeActionType.READ); - MPrivilege privilege3 = getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE); + MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); + MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); + MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE); checkPrivilege(privilege1, privilege2, privilege3); } public static void deleteJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE)); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); } public static void enableDisableJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE)); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); } public static void startJob(String jobId) throws SqoopException { ; - checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE)); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); } public static void stopJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.WRITE)); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); } public static void statusJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ)); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); } /** 
@@ -146,7 +125,7 @@ public class AuthorizationEngine { public boolean apply(MSubmission input) { try { String jobId = String.valueOf(input.getJobId()); - checkPrivilege(getPrivilege(ResourceType.JOB, jobId, PrivilegeActionType.READ)); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); // add valid submission return true; } catch (Exception e) { @@ -161,17 +140,17 @@ public class AuthorizationEngine { /** * Help function */ - private static MPrivilege getPrivilege(ResourceType resourceType, + private static MPrivilege getPrivilege(MResource.TYPE resourceType, String resourceId, - PrivilegeActionType privilegeActionType) { - return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name(), false); + MPrivilege.ACTION privilegeAction) { + return new MPrivilege(new MResource(resourceId, resourceType), privilegeAction, false); } private static void checkPrivilege(MPrivilege... privileges) { AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler(); UserGroupInformation user = HttpUserGroupInformation.get(); String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName(); - MPrincipal principal = new MPrincipal(user_name, RoleType.USER.name()); + MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER); handler.checkPrivileges(principal, Arrays.asList(privileges)); } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java index 41a8b95..e469c09 100644 --- a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java 
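Review bot: `checkPrivilege` falls back to `StringUtils.EMPTY` when `HttpUserGroupInformation.get()` returns null, so a call with no authenticated user is evaluated as a USER principal with an empty name instead of being rejected here. Whether that principal is denied depends entirely on the configured `AuthorizationHandler`, which this diff does not show. Prefer failing closed before the principal is built, e.g. `if (user == null) { throw new SqoopException(<AUTH_ERROR_CODE placeholder>, "no authenticated user"); }`. At minimum, document the contract on the method with `// empty name means unauthenticated; handlers must deny it`.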
@@ -32,6 +32,7 @@ import org.apache.sqoop.json.ConnectorBean; import org.apache.sqoop.json.ConnectorsBean; import org.apache.sqoop.json.JsonBean; import org.apache.sqoop.model.MConnector; +import org.apache.sqoop.model.MResource; import org.apache.sqoop.security.Authorization.AuthorizationEngine; import org.apache.sqoop.server.RequestContext; import org.apache.sqoop.server.RequestContext.Method; @@ -70,7 +71,7 @@ public class ConnectorRequestHandler implements RequestHandler { ctx.getRequest().getRemoteAddr(), "get", "connectors", "all"); // Authorization check - connectors = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.CONNECTOR, connectors); + connectors = AuthorizationEngine.filterResource(MResource.TYPE.CONNECTOR, connectors); return new ConnectorsBean(connectors, configParamBundles); @@ -89,7 +90,7 @@ public class ConnectorRequestHandler implements RequestHandler { ctx.getRequest().getRemoteAddr(), "get", "connector", String.valueOf(cIdentifier)); // Authorization check - connectors = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.CONNECTOR, connectors); + connectors = AuthorizationEngine.filterResource(MResource.TYPE.CONNECTOR, connectors); return new ConnectorBean(connectors, configParamBundles); } http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java index 6dae043..551d5fe 100644 --- a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java 
@@ -147,7 +147,7 @@ public class JobRequestHandler implements RequestHandler { AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(), ctx.getRequest().getRemoteAddr(), "delete", "job", jobIdentifier); repository.deleteJob(jobId); - MResource resource = new MResource(String.valueOf(jobId), AuthorizationEngine.ResourceType.JOB.name()); + MResource resource = new MResource(String.valueOf(jobId), MResource.TYPE.JOB); AuthorizationManager.getAuthorizationHandler().removeResource(resource); return JsonBean.EMPTY_BEAN; } @@ -285,7 +285,7 @@ public class JobRequestHandler implements RequestHandler { List<MJob> jobList = repository.findJobsForConnector(connectorId); // Authorization check - jobList = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.JOB, jobList); + jobList = AuthorizationEngine.filterResource(MResource.TYPE.JOB, jobList); jobBean = createJobsBean(jobList, locale); } else @@ -297,7 +297,7 @@ public class JobRequestHandler implements RequestHandler { List<MJob> jobList = repository.findJobs(); // Authorization check - jobList = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.JOB, jobList); + jobList = AuthorizationEngine.filterResource(MResource.TYPE.JOB, jobList); jobBean = createJobsBean(jobList, locale); } @@ -312,7 +312,7 @@ public class JobRequestHandler implements RequestHandler { jobList.add(repository.findJob(jobId)); // Authorization check - jobList = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.JOB, jobList); + jobList = AuthorizationEngine.filterResource(MResource.TYPE.JOB, jobList); jobBean = createJobBean(jobList, locale); } http://git-wip-us.apache.org/repos/asf/sqoop/blob/9b96277b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java ---------------------------------------------------------------------- 
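Review bot: In the job delete path `repository.deleteJob(jobId)` runs before `removeResource(resource)`, and nothing visible in the hunk handles a failure of the second call, so an error in the authorization handler would leave privileges recorded for a job that no longer exists. If persistence ids can ever be reused (not visible here), such a stale grant would apply to the new job. The method starts outside the hunk, so the privilege check before the delete is not shown. Consider logging and surfacing a `removeResource` failure together with the job id, and adding a comment such as `// privileges must be removed together with the job; a stale grant would outlive it`. The link delete path in LinkRequestHandler has the same sequence.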
diff --git a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java index 0bffc63..24b1754 100644 --- a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java @@ -101,7 +101,7 @@ public class LinkRequestHandler implements RequestHandler { ctx.getRequest().getRemoteAddr(), "delete", "link", linkIdentifier); repository.deleteLink(linkId); - MResource resource = new MResource(String.valueOf(linkId), AuthorizationEngine.ResourceType.LINK.name()); + MResource resource = new MResource(String.valueOf(linkId), MResource.TYPE.LINK); AuthorizationManager.getAuthorizationHandler().removeResource(resource); return JsonBean.EMPTY_BEAN; } @@ -207,7 +207,7 @@ public class LinkRequestHandler implements RequestHandler { List<MLink> linkList = repository.findLinksForConnector(connectorId); // Authorization check - linkList = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.LINK, linkList); + linkList = AuthorizationEngine.filterResource(MResource.TYPE.LINK, linkList); linkBean = createLinksBean(linkList, locale); } else { @@ -224,7 +224,7 @@ public class LinkRequestHandler implements RequestHandler { List<MLink> linkList = repository.findLinks(); // Authorization check - linkList = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.LINK, linkList); + linkList = AuthorizationEngine.filterResource(MResource.TYPE.LINK, linkList); linkBean = createLinksBean(linkList, locale); } @@ -239,7 +239,7 @@ public class LinkRequestHandler implements RequestHandler { linkList.add(repository.findLink(linkId)); // Authorization check - linkList = AuthorizationEngine.filterResource(AuthorizationEngine.ResourceType.LINK, linkList); + linkList = AuthorizationEngine.filterResource(MResource.TYPE.LINK, linkList); linkBean = createLinkBean(linkList, locale); }
