Repository: sqoop Updated Branches: refs/heads/sqoop2 a59d69f6c -> 4e05e6186
SQOOP-2327: Sqoop2: Change package name from Authorization to authorization (Richard via Jarek Jarcec Cecho) Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/4e05e618 Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/4e05e618 Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/4e05e618 Branch: refs/heads/sqoop2 Commit: 4e05e61864e1b8d7d71a476205e728bd70330510 Parents: a59d69f Author: Jarek Jarcec Cecho <[email protected]> Authored: Mon Apr 27 08:51:23 2015 -0700 Committer: Jarek Jarcec Cecho <[email protected]> Committed: Mon Apr 27 08:51:23 2015 -0700 ---------------------------------------------------------------------- .../sqoop/security/AuthenticationManager.java | 2 +- .../sqoop/security/AuthorizationManager.java | 4 +- .../sqoop/security/SecurityConstants.java | 10 +- dist/src/main/server/conf/sqoop.properties | 12 +- docs/src/site/sphinx/SecurityGuideOnSqoop2.rst | 6 +- .../KerberosAuthenticationHandler.java | 90 --------- .../SimpleAuthenticationHandler.java | 43 ---- .../Authorization/AuthorizationEngine.java | 196 ------------------- .../DefaultAuthenticationProvider.java | 54 ----- .../DefaultAuthorizationAccessController.java | 145 -------------- .../DefaultAuthorizationHandler.java | 174 ---------------- .../DefaultAuthorizationValidator.java | 42 ---- .../KerberosAuthenticationHandler.java | 90 +++++++++ .../SimpleAuthenticationHandler.java | 43 ++++ .../authorization/AuthorizationEngine.java | 196 +++++++++++++++++++ .../DefaultAuthenticationProvider.java | 54 +++++ .../DefaultAuthorizationAccessController.java | 145 ++++++++++++++ .../DefaultAuthorizationHandler.java | 174 ++++++++++++++++ .../DefaultAuthorizationValidator.java | 42 ++++ .../sqoop/handler/ConnectorRequestHandler.java | 2 +- .../apache/sqoop/handler/JobRequestHandler.java | 2 +- .../sqoop/handler/LinkRequestHandler.java | 2 +- .../sqoop/handler/SubmissionRequestHandler.java | 2 +- 23 files changed, 765 insertions(+), 765 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java index 228b9e7..603643f 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthenticationManager.java @@ -31,7 +31,7 @@ public class AuthenticationManager implements Reconfigurable { /** * Default authentication handler */ - public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler"; + public static final String DEFAULT_AUTHENTICATION_HANDLER = "org.apache.sqoop.security.authentication.SimpleAuthenticationHandler"; /** http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java index 76a13ff..7699862 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java @@ -32,12 +32,12 @@ public class AuthorizationManager implements Reconfigurable { /** * Default authorization handler */ - public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler"; + public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.authorization.DefaultAuthorizationHandler"; /** * Default authentication provider */ - public static final String DEFAULT_AUTHENTICATION_PROVIDER = "org.apache.sqoop.security.Authorization.DefaultAuthenticationProvider"; + public static final String DEFAULT_AUTHENTICATION_PROVIDER = "org.apache.sqoop.security.authorization.DefaultAuthenticationProvider"; /** * Default authentication provider http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java index eef818b..fd54862 100644 --- a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java +++ b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java @@ -46,7 +46,7 @@ public final class SecurityConstants { /** * The config specifies the sqoop authentication handler class. - * The default type is org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler + * The default type is org.apache.sqoop.security.authentication.SimpleAuthenticationHandler * <tt>org.apache.sqoop.security.authentication.handler</tt>. */ public static final String AUTHENTICATION_HANDLER = @@ -110,7 +110,7 @@ public final class SecurityConstants { /** * The config specifies the sqoop authorization handler class. - * The default type is org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler + * The default type is org.apache.sqoop.security.authorization.DefaultAuthorizationHandler * <tt>org.apache.sqoop.security.authorization.handler</tt>. */ public static final String AUTHORIZATION_HANDLER = @@ -118,7 +118,7 @@ public final class SecurityConstants { /** * The config specifies the sqoop authorization access controller class. - * The default type is org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController + * The default type is org.apache.sqoop.security.authorization.DefaultAuthorizationAccessController * <tt>org.apache.sqoop.security.authorization.access_controller</tt>. */ public static final String AUTHORIZATION_ACCESS_CONTROLLER = @@ -126,7 +126,7 @@ public final class SecurityConstants { /** * The config specifies the sqoop authorization validator class. - * The default type is org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator + * The default type is org.apache.sqoop.security.authorization.DefaultAuthorizationValidator * <tt>org.apache.sqoop.security.authorization.validator</tt>. */ public static final String AUTHORIZATION_VALIDATOR = @@ -134,7 +134,7 @@ public final class SecurityConstants { /** * The config specifies the sqoop authentication provider class. - * The default type is org.apache.sqoop.security.Authorization.DefaultAuthenticationProvider + * The default type is org.apache.sqoop.security.authorization.DefaultAuthenticationProvider * <tt>org.apache.sqoop.security.authorization.authentication_provider</tt>. */ public static final String AUTHENTICATION_PROVIDER = http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/dist/src/main/server/conf/sqoop.properties ---------------------------------------------------------------------- diff --git a/dist/src/main/server/conf/sqoop.properties b/dist/src/main/server/conf/sqoop.properties index e7de613..5226a19 100755 --- a/dist/src/main/server/conf/sqoop.properties +++ b/dist/src/main/server/conf/sqoop.properties @@ -145,10 +145,10 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce # Authentication configuration # #org.apache.sqoop.security.authentication.type=SIMPLE -#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler +#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.authentication.SimpleAuthenticationHandler #org.apache.sqoop.security.authentication.anonymous=true #org.apache.sqoop.security.authentication.type=KERBEROS -#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler +#org.apache.sqoop.security.authentication.handler=org.apache.sqoop.security.authentication.KerberosAuthenticationHandler #org.apache.sqoop.security.authentication.kerberos.principal=sqoop/_HOST@NOVALOCAL #org.apache.sqoop.security.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab #org.apache.sqoop.security.authentication.kerberos.http.principal=HTTP/_HOST@NOVALOCAL @@ -161,10 +161,10 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce # # Authorization configuration # -#org.apache.sqoop.security.authorization.handler=org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler -#org.apache.sqoop.security.authorization.access_controller=org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController -#org.apache.sqoop.security.authorization.validator=org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator -#org.apache.sqoop.security.authorization.authentication_provider=org.apache.sqoop.security.Authorization.DefaultAuthenticationProvider +#org.apache.sqoop.security.authorization.handler=org.apache.sqoop.security.authorization.DefaultAuthorizationHandler +#org.apache.sqoop.security.authorization.access_controller=org.apache.sqoop.security.authorization.DefaultAuthorizationAccessController +#org.apache.sqoop.security.authorization.validator=org.apache.sqoop.security.authorization.DefaultAuthorizationValidator +#org.apache.sqoop.security.authorization.authentication_provider=org.apache.sqoop.security.authorization.DefaultAuthenticationProvider #org.apache.sqoop.security.authorization.server_name=SqoopServer1 # External connectors load path http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst ---------------------------------------------------------------------- diff --git a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst index c38e276..0a6d192 100644 --- a/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst +++ b/docs/src/site/sphinx/SecurityGuideOnSqoop2.rst @@ -30,7 +30,7 @@ Modify Sqoop configuration file, normally in <Sqoop Folder>/server/config/sqoop. :: org.apache.sqoop.authentication.type=SIMPLE - org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.SimpleAuthenticationHandler + org.apache.sqoop.authentication.handler=org.apache.sqoop.security.authentication.SimpleAuthenticationHandler org.apache.sqoop.anonymous=true - Simple authentication is used by default. Commenting out authentication configuration will yield the use of simple authentication. @@ -88,7 +88,7 @@ Modify Sqoop configuration file, normally in <Sqoop Folder>/server/config/sqoop. :: org.apache.sqoop.authentication.type=KERBEROS - org.apache.sqoop.authentication.handler=org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler + org.apache.sqoop.authentication.handler=org.apache.sqoop.security.authentication.KerberosAuthenticationHandler org.apache.sqoop.authentication.kerberos.principal=sqoop/_HOST@<REALM> org.apache.sqoop.authentication.kerberos.keytab=/home/kerberos/sqoop.keytab org.apache.sqoop.authentication.kerberos.http.principal=HTTP/_HOST@<REALM> @@ -132,7 +132,7 @@ If the Sqoop server has started successfully with Kerberos authentication, the f :: - 2014-12-04 15:02:58,038 INFO security.KerberosAuthenticationHandler [org.apache.sqoop.security.Authentication.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)] Using Kerberos authentication, principal [sqoop/[email protected]] keytab [/home/kerberos/sqoop.keytab] + 2014-12-04 15:02:58,038 INFO security.KerberosAuthenticationHandler [org.apache.sqoop.security.authentication.KerberosAuthenticationHandler.secureLogin(KerberosAuthenticationHandler.java:84)] Using Kerberos authentication, principal [sqoop/[email protected]] keytab [/home/kerberos/sqoop.keytab] If the Sqoop client was able to communicate with the Sqoop server, the following will be in <Sqoop Folder>/server/log/catalina.out: http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java deleted file mode 100644 index db89a2d..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authentication/KerberosAuthenticationHandler.java +++ /dev/null @@ -1,90 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sqoop.security.Authentication; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.SecurityUtil; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.log4j.Logger; -import org.apache.sqoop.common.MapContext; -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.core.SqoopConfiguration; -import org.apache.sqoop.security.AuthenticationHandler; -import org.apache.sqoop.security.SecurityConstants; -import org.apache.sqoop.security.SecurityError; - -import java.io.IOException; - -public class KerberosAuthenticationHandler extends AuthenticationHandler { - - private static final Logger LOG = Logger.getLogger(KerberosAuthenticationHandler.class); - - /** - * Principal for Kerberos option value - */ - private String keytabPrincipal; - - public String getKeytabPrincipal() { - return keytabPrincipal; - } - - /** - * Keytab for Kerberos option value - */ - private String keytabFile; - - public String getKeytabFile() { - return keytabFile; - } - - public void doInitialize() { - securityEnabled = true; - } - - public void secureLogin() { - MapContext mapContext = SqoopConfiguration.getInstance().getContext(); - String keytab = mapContext.getString( - SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim(); - if (keytab.length() == 0) { - throw new SqoopException(SecurityError.AUTH_0001, - SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB); - } - keytabFile = keytab; - - String principal = mapContext.getString( - SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim(); - if (principal.length() == 0) { - throw new SqoopException(SecurityError.AUTH_0002, - SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL); - } - keytabPrincipal = principal; - - Configuration conf = new Configuration(); - conf.set(get_hadoop_security_authentication(), - SecurityConstants.TYPE.KERBEROS.name()); - UserGroupInformation.setConfiguration(conf); - try { - String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0"); - UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab); - } catch (IOException ex) { - throw new SqoopException(SecurityError.AUTH_0003, ex); - } - LOG.info("Using Kerberos authentication, principal [" - + principal + "] keytab [" + keytab + "]"); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java deleted file mode 100644 index 94f0feb..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authentication/SimpleAuthenticationHandler.java +++ /dev/null @@ -1,43 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sqoop.security.Authentication; - -import org.apache.hadoop.conf.Configuration; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.log4j.Logger; -import org.apache.sqoop.security.AuthenticationHandler; -import org.apache.sqoop.security.SecurityConstants; - -public class SimpleAuthenticationHandler extends AuthenticationHandler { - - private static final Logger LOG = Logger.getLogger(SimpleAuthenticationHandler.class); - - public void doInitialize() { - securityEnabled = false; - } - - public void secureLogin() { - //no secureLogin, just set configurations - Configuration conf = new Configuration(); - conf.set(get_hadoop_security_authentication(), - SecurityConstants.TYPE.SIMPLE.name()); - UserGroupInformation.setConfiguration(conf); - LOG.info("Using simple/pseudo authentication, principal [" - + System.getProperty("user.name") + "]"); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java deleted file mode 100644 index e6bf8be..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java +++ /dev/null @@ -1,196 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sqoop.security.Authorization; - -import com.beust.jcommander.internal.Lists; -import com.google.common.base.Predicate; -import com.google.common.collect.Collections2; -import org.apache.commons.lang.StringUtils; -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation; -import org.apache.log4j.Logger; -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.model.*; -import org.apache.sqoop.repository.Repository; -import org.apache.sqoop.repository.RepositoryManager; -import org.apache.sqoop.security.AuthorizationHandler; -import org.apache.sqoop.security.AuthorizationManager; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -public class AuthorizationEngine { - - private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class); - - /** - * Filter resources, get all valid resources from all resources - */ - public static <T extends MPersistableEntity> List<T> filterResource(final MResource.TYPE type, List<T> resources) throws SqoopException { - Collection<T> collection = Collections2.filter(resources, new Predicate<T>() { - @Override - public boolean apply(T input) { - try { - String name = String.valueOf(input.getPersistenceId()); - checkPrivilege(getPrivilege(type, name, MPrivilege.ACTION.READ)); - // add valid resource - return true; - } catch (Exception e) { - //do not add into result if invalid resource - return false; - } - } - }); - return Lists.newArrayList(collection); - } - - /** - * Connector related function - */ - public static void readConnector(String connectorId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); - } - - /** - * Link related function - */ - public static void readLink(String linkId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.READ)); - } - - public static void createLink(String connectorId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); - } - - public static void updateLink(String connectorId, String linkId) throws SqoopException { - MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ); - MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE); - checkPrivilege(privilege1, privilege2); - } - - public static void deleteLink(String linkId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE)); - } - - public static void enableDisableLink(String linkId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE)); - } - - /** - * Job related function - */ - public static void readJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); - } - - public static void createJob(String linkId1, String linkId2) throws SqoopException { - MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); - MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); - checkPrivilege(privilege1, privilege2); - } - - public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException { - MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); - MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); - MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE); - checkPrivilege(privilege1, privilege2, privilege3); - } - - public static void deleteJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); - } - - public static void enableDisableJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); - } - - public static void startJob(String jobId) throws SqoopException { - ; - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); - } - - public static void stopJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); - } - - public static void statusJob(String jobId) throws SqoopException { - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); - } - - /** - * Filter resources, get all valid resources from all resources - */ - public static List<MSubmission> filterSubmission(List<MSubmission> submissions) throws SqoopException { - Collection<MSubmission> collection = Collections2.filter(submissions, new Predicate<MSubmission>() { - @Override - public boolean apply(MSubmission input) { - try { - String jobId = String.valueOf(input.getJobId()); - checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); - // add valid submission - return true; - } catch (Exception e) { - //do not add into result if invalid submission - return false; - } - } - }); - return Lists.newArrayList(collection); - } - - /** - * Help function - */ - private static MPrivilege getPrivilege(MResource.TYPE resourceType, - String resourceId, - MPrivilege.ACTION privilegeAction) { - return new MPrivilege(new MResource(resourceId, resourceType), privilegeAction, false); - } - - private static void checkPrivilege(MPrivilege... privileges) { - AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler(); - UserGroupInformation user = HttpUserGroupInformation.get(); - String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName(); - MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER); - - // SQOOP-2256: Hack code, do not check privilege when the user is the creator - // If the user is the owner/creator of this resource, then privilege will - // not be checked. It is a hack code for the time being. The concept of - // "Owner" will be added in the future and this code will be removed. - ArrayList<MPrivilege> privilegesNeedCheck = new ArrayList<MPrivilege>(); - for (MPrivilege privilege : privileges) { - Repository repository = RepositoryManager.getInstance().getRepository(); - if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType())) { - MLink link = repository.findLink(Long.valueOf(privilege.getResource().getName())); - if (!user_name.equals(link.getCreationUser())) { - privilegesNeedCheck.add(privilege); - } - } else if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType())) { - MJob job = repository.findJob(Long.valueOf(privilege.getResource().getName())); - if (!user_name.equals(job.getCreationUser())) { - privilegesNeedCheck.add(privilege); - } - } else { - privilegesNeedCheck.add(privilege); - } - } - - handler.checkPrivileges(principal, privilegesNeedCheck); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java deleted file mode 100644 index 547040b..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthenticationProvider.java +++ /dev/null @@ -1,54 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.apache.sqoop.security.Authorization; - -import org.apache.hadoop.security.UserGroupInformation; -import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation; -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.security.AuthenticationProvider; -import org.apache.sqoop.security.SecurityError; - -public class DefaultAuthenticationProvider extends AuthenticationProvider { - - @Override - public String[] getGroupNames() { - return getRemoteUGI().getGroupNames(); - } - - @Override - public String getUserName() { - return getRemoteUGI().getShortUserName(); - } - - private UserGroupInformation getRemoteUGI() { - UserGroupInformation ugi = null; - try { - ugi = HttpUserGroupInformation.get(); - } catch (Exception e) { - throw new SqoopException(SecurityError.AUTH_0011, - "Unable to get remote authentication from http request", e); - } - - if (ugi == null) { - throw new SqoopException(SecurityError.AUTH_0011, - "Unable to get remote authentication from http request"); - } - return ugi; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java deleted file mode 100644 index e84c7be..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java +++ /dev/null @@ -1,145 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sqoop.security.Authorization; - -import org.apache.log4j.Logger; -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.model.MPrincipal; -import org.apache.sqoop.model.MPrivilege; -import org.apache.sqoop.model.MResource; -import org.apache.sqoop.model.MRole; -import org.apache.sqoop.security.AuthorizationAccessController; - -import java.util.List; - -public class DefaultAuthorizationAccessController extends AuthorizationAccessController { - - private static final Logger LOG = Logger.getLogger(DefaultAuthorizationAccessController.class); - - /** - * Role related function - */ - @Override - public void createRole(MRole role) throws SqoopException { - LOG.debug("Create role in default authorization access controller: empty function"); - LOG.debug("role: " + role.toString()); - } - - @Override - public void dropRole(MRole role) throws SqoopException { - LOG.debug("Remove role in default authorization access controller: empty function"); - LOG.debug("role: " + role.toString()); - } - - @Override - public List<MRole> getAllRoles() throws SqoopException { - LOG.debug("Get all roles in default authorization access controller: return null"); - return null; - } - - @Override - public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException { - LOG.debug("Get roles by principal in default authorization access controller: return null"); - LOG.debug("principal: " + principal.toString()); - return null; - } - - /** - * Principal related function - */ - @Override - public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException { - LOG.debug("Get principals by role in default authorization access controller: return null"); - LOG.debug("role: " + role.toString()); - return null; - } - - @Override - public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { - LOG.debug("Grant role in default authorization access controller: empty function"); - for (MPrincipal principal : principals) { - LOG.debug("principal: " + principal.toString()); - } - for (MRole role : roles) { - LOG.debug("role: " + role.toString()); - } - } - - @Override - public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { - LOG.debug("Revoke role in default authorization access controller: empty function"); - for (MPrincipal principal : principals) { - LOG.debug("principal: " + principal.toString()); - } - for (MRole role : roles) { - LOG.debug("role: " + role.toString()); - } - } - - /** - * Resource related function - */ - @Override - public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { - LOG.debug("Update resource in default authorization access controller: empty function"); - LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource); - } - - @Override - public void removeResource(MResource resource) throws SqoopException { - LOG.debug("Remove resource in default authorization access controller: empty function"); - LOG.debug("resource: " + resource.toString()); - } - - /** - * Privilege related function - */ - @Override - public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException { - LOG.debug("Get privileges by role in default authorization access controller: return null"); - LOG.debug("principal: " + principal.toString()); - if (resource != null) { //Get all privileges on principal - LOG.debug("resource: " + resource.toString()); - } - return null; - } - - @Override - public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { - LOG.debug("Grant privileges in default authorization access controller: empty function"); - for (MPrincipal principal : principals) { - LOG.debug("principal: " + principal.toString()); - } - for (MPrivilege privilege : privileges) { - LOG.debug("privilege: " + privilege.toString()); - } - } - - @Override - public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { - LOG.debug("Revoke privileges in default authorization access controller: empty function"); - for (MPrincipal principal : principals) { - LOG.debug("principal: " + principal.toString()); - } - if (privileges != null) { //Revoke all privileges on principal - for (MPrivilege privilege : privileges) { - LOG.debug("privilege: " + privilege.toString()); - } - } - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java deleted file mode 100644 index f68ca54..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java +++ /dev/null @@ -1,174 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sqoop.security.Authorization; - -import org.apache.log4j.Logger; -import org.apache.sqoop.common.MapContext; -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.core.SqoopConfiguration; -import org.apache.sqoop.model.MPrincipal; -import org.apache.sqoop.model.MPrivilege; -import org.apache.sqoop.model.MResource; -import org.apache.sqoop.model.MRole; -import org.apache.sqoop.security.*; - -import java.util.List; - -public class DefaultAuthorizationHandler extends AuthorizationHandler { - - /** - * Default authorization access controller - */ - public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController"; - - /** - * Default authorization validator - */ - public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator"; - - private static final Logger LOG = Logger.getLogger(DefaultAuthorizationHandler.class); - - protected AuthorizationAccessController authorizationAccessController; - - protected AuthorizationValidator authorizationValidator; - - protected AuthenticationProvider authenticationProvider; - - protected String serverName; - - public AuthorizationValidator getAuthorizationValidator() { - return authorizationValidator; - } - - public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) { - this.authorizationValidator = authorizationValidator; - } - - public AuthorizationAccessController getAuthorizationAccessController() { - return authorizationAccessController; - } - - public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) { - this.authorizationAccessController = authorizationAccessController; - } - - public AuthenticationProvider getAuthenticationProvider() { - return authenticationProvider; - } - - public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) { - this.authenticationProvider = authenticationProvider; - } - - @Override - public void doInitialize(AuthenticationProvider provider, String serverName) throws ClassNotFoundException, IllegalAccessException, InstantiationException { - MapContext mapContext = SqoopConfiguration.getInstance().getContext(); - String accessController = mapContext.getString( - SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER, - DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim(); - this.authorizationAccessController = SecurityFactory.getAuthorizationAccessController(accessController); - - String validator = mapContext.getString( - SecurityConstants.AUTHORIZATION_VALIDATOR, - DEFAULT_AUTHORIZATION_VALIDATOR).trim(); - this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator); - - this.authenticationProvider = provider; - this.serverName = serverName; - } - - /** - * Role related function - */ - @Override - public void createRole(MRole role) throws SqoopException { - this.authorizationAccessController.createRole(role); - } - - @Override - public void dropRole(MRole role) throws SqoopException { - this.authorizationAccessController.dropRole(role); - } - - @Override - public List<MRole> getAllRoles() throws SqoopException { - return this.authorizationAccessController.getAllRoles(); - } - - @Override - public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException { - return this.authorizationAccessController.getRolesByPrincipal(principal); - } - - /** - * Principal related function - */ - @Override - public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException { - return this.authorizationAccessController.getPrincipalsByRole(role); - } - - @Override - public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { - this.authorizationAccessController.grantRole(principals, roles); - } - - @Override - public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { - this.authorizationAccessController.revokeRole(principals, roles); - } - - /** - * Resource related function - */ - @Override - public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { - this.authorizationAccessController.updateResource(old_resource, new_resource); - } - - @Override - public void removeResource(MResource resource) throws SqoopException { - this.authorizationAccessController.removeResource(resource); - } - - /** - * Privilege related function - */ - @Override - public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException { - return this.authorizationAccessController.getPrivilegesByPrincipal(principal, resource); - } - - @Override - public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { - this.authorizationAccessController.grantPrivileges(principals, privileges); - } - - @Override - public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { - this.authorizationAccessController.revokePrivileges(principals, privileges); - } - - /** - * Validator related function - */ - @Override - public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException { - this.authorizationValidator.checkPrivileges(principal, privileges); - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java deleted file mode 100644 index aa8fe8d..0000000 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java +++ /dev/null @@ -1,42 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.sqoop.security.Authorization; - -import org.apache.log4j.Logger; -import org.apache.sqoop.common.SqoopException; -import org.apache.sqoop.model.MPrincipal; -import org.apache.sqoop.model.MPrivilege; -import org.apache.sqoop.security.AuthorizationValidator; - -import java.util.List; - -public class DefaultAuthorizationValidator extends AuthorizationValidator { - - private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class); - - /** - * Validator related function - */ - public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException { - LOG.debug("Check privilege in default authorization validator: always valid"); - LOG.debug("principal: " + principal.toString()); - for (MPrivilege privilege : privileges) { - LOG.debug("privilege: " + privilege.toString()); - } - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authentication/KerberosAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authentication/KerberosAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/authentication/KerberosAuthenticationHandler.java new file mode 100644 index 0000000..ee3a7b3 --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authentication/KerberosAuthenticationHandler.java @@ -0,0 +1,90 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sqoop.security.authentication; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.SecurityUtil; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.log4j.Logger; +import org.apache.sqoop.common.MapContext; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.core.SqoopConfiguration; +import org.apache.sqoop.security.AuthenticationHandler; +import org.apache.sqoop.security.SecurityConstants; +import org.apache.sqoop.security.SecurityError; + +import java.io.IOException; + +public class KerberosAuthenticationHandler extends AuthenticationHandler { + + private static final Logger LOG = Logger.getLogger(KerberosAuthenticationHandler.class); + + /** + * Principal for Kerberos option value + */ + private String keytabPrincipal; + + public String getKeytabPrincipal() { + return keytabPrincipal; + } + + /** + * Keytab for Kerberos option value + */ + private String keytabFile; + + public String getKeytabFile() { + return keytabFile; + } + + public void doInitialize() { + securityEnabled = true; + } + + public void secureLogin() { + MapContext mapContext = SqoopConfiguration.getInstance().getContext(); + String keytab = mapContext.getString( + SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB).trim(); + if (keytab.length() == 0) { + throw new SqoopException(SecurityError.AUTH_0001, + SecurityConstants.AUTHENTICATION_KERBEROS_KEYTAB); + } + keytabFile = keytab; + + String principal = mapContext.getString( + SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL).trim(); + if (principal.length() == 0) { + throw new SqoopException(SecurityError.AUTH_0002, + SecurityConstants.AUTHENTICATION_KERBEROS_PRINCIPAL); + } + keytabPrincipal = principal; + + Configuration conf = new Configuration(); + conf.set(get_hadoop_security_authentication(), + SecurityConstants.TYPE.KERBEROS.name()); + UserGroupInformation.setConfiguration(conf); + try { + String hostPrincipal = SecurityUtil.getServerPrincipal(principal, "0.0.0.0"); + UserGroupInformation.loginUserFromKeytab(hostPrincipal, keytab); + } catch (IOException ex) { + throw new SqoopException(SecurityError.AUTH_0003, ex); + } + LOG.info("Using Kerberos authentication, principal [" + + principal + "] keytab [" + keytab + "]"); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authentication/SimpleAuthenticationHandler.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authentication/SimpleAuthenticationHandler.java b/security/src/main/java/org/apache/sqoop/security/authentication/SimpleAuthenticationHandler.java new file mode 100644 index 0000000..4154cb9 --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authentication/SimpleAuthenticationHandler.java @@ -0,0 +1,43 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sqoop.security.authentication; + +import org.apache.hadoop.conf.Configuration; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.log4j.Logger; +import org.apache.sqoop.security.AuthenticationHandler; +import org.apache.sqoop.security.SecurityConstants; + +public class SimpleAuthenticationHandler extends AuthenticationHandler { + + private static final Logger LOG = Logger.getLogger(SimpleAuthenticationHandler.class); + + public void doInitialize() { + securityEnabled = false; + } + + public void secureLogin() { + //no secureLogin, just set configurations + Configuration conf = new Configuration(); + conf.set(get_hadoop_security_authentication(), + SecurityConstants.TYPE.SIMPLE.name()); + UserGroupInformation.setConfiguration(conf); + LOG.info("Using simple/pseudo authentication, principal [" + + System.getProperty("user.name") + "]"); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authorization/AuthorizationEngine.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/authorization/AuthorizationEngine.java new file mode 100644 index 0000000..10f02c0 --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authorization/AuthorizationEngine.java @@ -0,0 +1,196 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sqoop.security.authorization; + +import com.beust.jcommander.internal.Lists; +import com.google.common.base.Predicate; +import com.google.common.collect.Collections2; +import org.apache.commons.lang.StringUtils; +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation; +import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.*; +import org.apache.sqoop.repository.Repository; +import org.apache.sqoop.repository.RepositoryManager; +import org.apache.sqoop.security.AuthorizationHandler; +import org.apache.sqoop.security.AuthorizationManager; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; + +public class AuthorizationEngine { + + private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class); + + /** + * Filter resources, get all valid resources from all resources + */ + public static <T extends MPersistableEntity> List<T> filterResource(final MResource.TYPE type, List<T> resources) throws SqoopException { + Collection<T> collection = Collections2.filter(resources, new Predicate<T>() { + @Override + public boolean apply(T input) { + try { + String name = String.valueOf(input.getPersistenceId()); + checkPrivilege(getPrivilege(type, name, MPrivilege.ACTION.READ)); + // add valid resource + return true; + } catch (Exception e) { + //do not add into result if invalid resource + return false; + } + } + }); + return Lists.newArrayList(collection); + } + + /** + * Connector related function + */ + public static void readConnector(String connectorId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); + } + + /** + * Link related function + */ + public static void readLink(String linkId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.READ)); + } + + public static void createLink(String connectorId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); + } + + public static void updateLink(String connectorId, String linkId) throws SqoopException { + MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ); + MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE); + checkPrivilege(privilege1, privilege2); + } + + public static void deleteLink(String linkId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE)); + } + + public static void enableDisableLink(String linkId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE)); + } + + /** + * Job related function + */ + public static void readJob(String jobId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); + } + + public static void createJob(String linkId1, String linkId2) throws SqoopException { + MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); + MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); + checkPrivilege(privilege1, privilege2); + } + + public static void updateJob(String linkId1, String linkId2, String jobId) throws SqoopException { + MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); + MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); + MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE); + checkPrivilege(privilege1, privilege2, privilege3); + } + + public static void deleteJob(String jobId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); + } + + public static void enableDisableJob(String jobId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); + } + + public static void startJob(String jobId) throws SqoopException { + ; + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); + } + + public static void stopJob(String jobId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE)); + } + + public static void statusJob(String jobId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); + } + + /** + * Filter resources, get all valid resources from all resources + */ + public static List<MSubmission> filterSubmission(List<MSubmission> submissions) throws SqoopException { + Collection<MSubmission> collection = Collections2.filter(submissions, new Predicate<MSubmission>() { + @Override + public boolean apply(MSubmission input) { + try { + String jobId = String.valueOf(input.getJobId()); + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); + // add valid submission + return true; + } catch (Exception e) { + //do not add into result if invalid submission + return false; + } + } + }); + return Lists.newArrayList(collection); + } + + /** + * Help function + */ + private static MPrivilege getPrivilege(MResource.TYPE resourceType, + String resourceId, + MPrivilege.ACTION privilegeAction) { + return new MPrivilege(new MResource(resourceId, resourceType), privilegeAction, false); + } + + private static void checkPrivilege(MPrivilege... privileges) { + AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler(); + UserGroupInformation user = HttpUserGroupInformation.get(); + String user_name = user == null ? StringUtils.EMPTY : user.getShortUserName(); + MPrincipal principal = new MPrincipal(user_name, MPrincipal.TYPE.USER); + + // SQOOP-2256: Hack code, do not check privilege when the user is the creator + // If the user is the owner/creator of this resource, then privilege will + // not be checked. It is a hack code for the time being. The concept of + // "Owner" will be added in the future and this code will be removed. + ArrayList<MPrivilege> privilegesNeedCheck = new ArrayList<MPrivilege>(); + for (MPrivilege privilege : privileges) { + Repository repository = RepositoryManager.getInstance().getRepository(); + if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType())) { + MLink link = repository.findLink(Long.valueOf(privilege.getResource().getName())); + if (!user_name.equals(link.getCreationUser())) { + privilegesNeedCheck.add(privilege); + } + } else if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType())) { + MJob job = repository.findJob(Long.valueOf(privilege.getResource().getName())); + if (!user_name.equals(job.getCreationUser())) { + privilegesNeedCheck.add(privilege); + } + } else { + privilegesNeedCheck.add(privilege); + } + } + + handler.checkPrivileges(principal, privilegesNeedCheck); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthenticationProvider.java b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthenticationProvider.java new file mode 100644 index 0000000..8e6cf39 --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthenticationProvider.java @@ -0,0 +1,54 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.sqoop.security.authorization; + +import org.apache.hadoop.security.UserGroupInformation; +import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.security.AuthenticationProvider; +import org.apache.sqoop.security.SecurityError; + +public class DefaultAuthenticationProvider extends AuthenticationProvider { + + @Override + public String[] getGroupNames() { + return getRemoteUGI().getGroupNames(); + } + + @Override + public String getUserName() { + return getRemoteUGI().getShortUserName(); + } + + private UserGroupInformation getRemoteUGI() { + UserGroupInformation ugi = null; + try { + ugi = HttpUserGroupInformation.get(); + } catch (Exception e) { + throw new SqoopException(SecurityError.AUTH_0011, + "Unable to get remote authentication from http request", e); + } + + if (ugi == null) { + throw new SqoopException(SecurityError.AUTH_0011, + "Unable to get remote authentication from http request"); + } + return ugi; + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationAccessController.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationAccessController.java b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationAccessController.java new file mode 100644 index 0000000..f7d182b --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationAccessController.java @@ -0,0 +1,145 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sqoop.security.authorization; + +import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; +import org.apache.sqoop.security.AuthorizationAccessController; + +import java.util.List; + +public class DefaultAuthorizationAccessController extends AuthorizationAccessController { + + private static final Logger LOG = Logger.getLogger(DefaultAuthorizationAccessController.class); + + /** + * Role related function + */ + @Override + public void createRole(MRole role) throws SqoopException { + LOG.debug("Create role in default authorization access controller: empty function"); + LOG.debug("role: " + role.toString()); + } + + @Override + public void dropRole(MRole role) throws SqoopException { + LOG.debug("Remove role in default authorization access controller: empty function"); + LOG.debug("role: " + role.toString()); + } + + @Override + public List<MRole> getAllRoles() throws SqoopException { + LOG.debug("Get all roles in default authorization access controller: return null"); + return null; + } + + @Override + public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException { + LOG.debug("Get roles by principal in default authorization access controller: return null"); + LOG.debug("principal: " + principal.toString()); + return null; + } + + /** + * Principal related function + */ + @Override + public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException { + LOG.debug("Get principals by role in default authorization access controller: return null"); + LOG.debug("role: " + role.toString()); + return null; + } + + @Override + public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { + LOG.debug("Grant role in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MRole role : roles) { + LOG.debug("role: " + role.toString()); + } + } + + @Override + public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { + LOG.debug("Revoke role in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MRole role : roles) { + LOG.debug("role: " + role.toString()); + } + } + + /** + * Resource related function + */ + @Override + public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { + LOG.debug("Update resource in default authorization access controller: empty function"); + LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource); + } + + @Override + public void removeResource(MResource resource) throws SqoopException { + LOG.debug("Remove resource in default authorization access controller: empty function"); + LOG.debug("resource: " + resource.toString()); + } + + /** + * Privilege related function + */ + @Override + public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException { + LOG.debug("Get privileges by role in default authorization access controller: return null"); + LOG.debug("principal: " + principal.toString()); + if (resource != null) { //Get all privileges on principal + LOG.debug("resource: " + resource.toString()); + } + return null; + } + + @Override + public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { + LOG.debug("Grant privileges in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } + } + + @Override + public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { + LOG.debug("Revoke privileges in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + if (privileges != null) { //Revoke all privileges on principal + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationHandler.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationHandler.java b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationHandler.java new file mode 100644 index 0000000..1adabef --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationHandler.java @@ -0,0 +1,174 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sqoop.security.authorization; + +import org.apache.log4j.Logger; +import org.apache.sqoop.common.MapContext; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.core.SqoopConfiguration; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; +import org.apache.sqoop.security.*; + +import java.util.List; + +public class DefaultAuthorizationHandler extends AuthorizationHandler { + + /** + * Default authorization access controller + */ + public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.authorization.DefaultAuthorizationAccessController"; + + /** + * Default authorization validator + */ + public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.authorization.DefaultAuthorizationValidator"; + + private static final Logger LOG = Logger.getLogger(DefaultAuthorizationHandler.class); + + protected AuthorizationAccessController authorizationAccessController; + + protected AuthorizationValidator authorizationValidator; + + protected AuthenticationProvider authenticationProvider; + + protected String serverName; + + public AuthorizationValidator getAuthorizationValidator() { + return authorizationValidator; + } + + public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) { + this.authorizationValidator = authorizationValidator; + } + + public AuthorizationAccessController getAuthorizationAccessController() { + return authorizationAccessController; + } + + public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) { + this.authorizationAccessController = authorizationAccessController; + } + + public AuthenticationProvider getAuthenticationProvider() { + return authenticationProvider; + } + + public void setAuthenticationProvider(AuthenticationProvider authenticationProvider) { + this.authenticationProvider = authenticationProvider; + } + + @Override + public void doInitialize(AuthenticationProvider provider, String serverName) throws ClassNotFoundException, IllegalAccessException, InstantiationException { + MapContext mapContext = SqoopConfiguration.getInstance().getContext(); + String accessController = mapContext.getString( + SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER, + DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim(); + this.authorizationAccessController = SecurityFactory.getAuthorizationAccessController(accessController); + + String validator = mapContext.getString( + SecurityConstants.AUTHORIZATION_VALIDATOR, + DEFAULT_AUTHORIZATION_VALIDATOR).trim(); + this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator); + + this.authenticationProvider = provider; + this.serverName = serverName; + } + + /** + * Role related function + */ + @Override + public void createRole(MRole role) throws SqoopException { + this.authorizationAccessController.createRole(role); + } + + @Override + public void dropRole(MRole role) throws SqoopException { + this.authorizationAccessController.dropRole(role); + } + + @Override + public List<MRole> getAllRoles() throws SqoopException { + return this.authorizationAccessController.getAllRoles(); + } + + @Override + public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException { + return this.authorizationAccessController.getRolesByPrincipal(principal); + } + + /** + * Principal related function + */ + @Override + public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException { + return this.authorizationAccessController.getPrincipalsByRole(role); + } + + @Override + public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { + this.authorizationAccessController.grantRole(principals, roles); + } + + @Override + public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException { + this.authorizationAccessController.revokeRole(principals, roles); + } + + /** + * Resource related function + */ + @Override + public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { + this.authorizationAccessController.updateResource(old_resource, new_resource); + } + + @Override + public void removeResource(MResource resource) throws SqoopException { + this.authorizationAccessController.removeResource(resource); + } + + /** + * Privilege related function + */ + @Override + public List<MPrivilege> getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException { + return this.authorizationAccessController.getPrivilegesByPrincipal(principal, resource); + } + + @Override + public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { + this.authorizationAccessController.grantPrivileges(principals, privileges); + } + + @Override + public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException { + this.authorizationAccessController.revokePrivileges(principals, privileges); + } + + /** + * Validator related function + */ + @Override + public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException { + this.authorizationValidator.checkPrivileges(principal, privileges); + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationValidator.java ---------------------------------------------------------------------- diff --git a/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationValidator.java b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationValidator.java new file mode 100644 index 0000000..7590af0 --- /dev/null +++ b/security/src/main/java/org/apache/sqoop/security/authorization/DefaultAuthorizationValidator.java @@ -0,0 +1,42 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.sqoop.security.authorization; + +import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.security.AuthorizationValidator; + +import java.util.List; + +public class DefaultAuthorizationValidator extends AuthorizationValidator { + + private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class); + + /** + * Validator related function + */ + public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException { + LOG.debug("Check privilege in default authorization validator: always valid"); + LOG.debug("principal: " + principal.toString()); + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java index 570c974..5128a27 100644 --- a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java @@ -33,7 +33,7 @@ import org.apache.sqoop.json.ConnectorsBean; import org.apache.sqoop.json.JsonBean; import org.apache.sqoop.model.MConnector; import org.apache.sqoop.model.MResource; -import org.apache.sqoop.security.Authorization.AuthorizationEngine; +import org.apache.sqoop.security.authorization.AuthorizationEngine; import org.apache.sqoop.server.RequestContext; import org.apache.sqoop.server.RequestContext.Method; import org.apache.sqoop.server.RequestHandler; http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java index 793aa2f..c96d66d 100644 --- a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java @@ -47,7 +47,7 @@ import org.apache.sqoop.model.MToConfig; import org.apache.sqoop.repository.Repository; import org.apache.sqoop.repository.RepositoryManager; import org.apache.sqoop.request.HttpEventContext; -import org.apache.sqoop.security.Authorization.AuthorizationEngine; +import org.apache.sqoop.security.authorization.AuthorizationEngine; import org.apache.sqoop.security.AuthorizationManager; import org.apache.sqoop.server.RequestContext; import org.apache.sqoop.server.RequestHandler; http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java index 6d4aa38..bf3a42a 100644 --- a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java @@ -39,7 +39,7 @@ import org.apache.sqoop.model.MPersistableEntity; import org.apache.sqoop.model.MResource; import org.apache.sqoop.repository.Repository; import org.apache.sqoop.repository.RepositoryManager; -import org.apache.sqoop.security.Authorization.AuthorizationEngine; +import org.apache.sqoop.security.authorization.AuthorizationEngine; import org.apache.sqoop.security.AuthorizationManager; import org.apache.sqoop.server.RequestContext; import org.apache.sqoop.server.RequestHandler; http://git-wip-us.apache.org/repos/asf/sqoop/blob/4e05e618/server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java index d2275e4..b4c16f1 100644 --- a/server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java @@ -27,7 +27,7 @@ import org.apache.sqoop.json.SubmissionsBean; import org.apache.sqoop.model.MSubmission; import org.apache.sqoop.repository.Repository; import org.apache.sqoop.repository.RepositoryManager; -import org.apache.sqoop.security.Authorization.AuthorizationEngine; +import org.apache.sqoop.security.authorization.AuthorizationEngine; import org.apache.sqoop.server.RequestContext; import org.apache.sqoop.server.RequestContext.Method; import org.apache.sqoop.server.RequestHandler;
