Repository: sqoop Updated Branches: refs/heads/sqoop2 3e50a3b7e -> b8e53c428
SQOOP-2379: Sqoop2: Check whether resource exists before run privilege check (Dian Fu via Abraham Elmahrek) Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/b8e53c42 Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/b8e53c42 Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/b8e53c42 Branch: refs/heads/sqoop2 Commit: b8e53c42834de21c3b52af5c8b4061b66eb351e9 Parents: 3e50a3b Author: Abraham Elmahrek <[email protected]> Authored: Mon Jun 8 15:58:07 2015 +0300 Committer: Abraham Elmahrek <[email protected]> Committed: Mon Jun 8 15:58:07 2015 +0300 ---------------------------------------------------------------------- .../sqoop/error/code/CommonRepositoryError.java | 1 + .../handler/AuthorizationRequestHandler.java | 45 ++++++++++++++++++++ 2 files changed, 46 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sqoop/blob/b8e53c42/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java ---------------------------------------------------------------------- diff --git a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java index e5fbe2d..7b8fce5 100644 --- a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java +++ b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java @@ -215,6 +215,7 @@ public enum CommonRepositoryError implements ErrorCode { /** We can't restore specific connector**/ COMMON_0057("Unable to load specific connector"), + COMMON_0058("Resource doesn't exist"), ; private final String message; http://git-wip-us.apache.org/repos/asf/sqoop/blob/b8e53c42/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java ---------------------------------------------------------------------- 
diff --git a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
index 00f4b52..a730413 100644
--- a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
+++ b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
@@ -20,6 +20,9 @@ package org.apache.sqoop.handler;
 import org.apache.log4j.Logger;
 import org.apache.sqoop.audit.AuditLoggerManager;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.error.code.CommonRepositoryError;
+import org.apache.sqoop.repository.Repository;
+import org.apache.sqoop.repository.RepositoryManager;
 import org.apache.sqoop.server.common.ServerError;
 import org.apache.sqoop.json.*;
 import org.apache.sqoop.model.MPrincipal;
@@ -165,6 +168,38 @@ public class AuthorizationRequestHandler implements RequestHandler { } } + private void checkResourceExists(MResource resource) { + if (resource == null) { + return; + } + + Boolean resourceExists = false; + Repository repository = RepositoryManager.getInstance().getRepository(); + MResource.TYPE type = MResource.TYPE.valueOf(resource.getType()); + + if (type == MResource.TYPE.CONNECTOR) { + if (repository.findConnector(resource.getName()) != null) { + resourceExists = true; + } + } else if (type == MResource.TYPE.LINK) { + if (repository.findLink(resource.getName()) != null) { + resourceExists = true; + } + } else if (type == MResource.TYPE.JOB) { + if (repository.findJob(resource.getName()) != null) { + resourceExists = true; + } + } else { + // For MResource.Type.SERVER, it must exists + resourceExists = true; + } + + if (!resourceExists) { + throw new SqoopException(CommonRepositoryError.COMMON_0058, + "Can't find resource " + resource.toString()); + } + } + private JsonBean getPrivilege(RequestContext ctx) { AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler(); AuditLoggerManager manager = AuditLoggerManager.getInstance(); @@ -180,6 +215,7 @@ public class AuthorizationRequestHandler implements RequestHandler { if (resource_name != null && resource_type != null) { resource = new MResource(resource_name, resource_type); } + checkResourceExists(resource); manager.logAuditEvent(ctx.getUserName(), ctx.getRequest().getRemoteAddr(), "get", "privileges by principal", principal.toString()); return new PrivilegesBean(handler.getPrivilegesByPrincipal(principal, resource)); 
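Review bot: `MResource.TYPE.valueOf(resource.getType())` in checkResourceExists throws IllegalArgumentException for any type string that is not an exact enum name, so a malformed type would surface as an unhandled runtime exception rather than a SqoopException; whether MResource already validates the type when it is constructed is not visible in this hunk. Catching that case and rethrowing it as a SqoopException would keep the failure mode uniform. The final `else` treats every type other than CONNECTOR, LINK and JOB as existing, which silently passes any TYPE value added later; an explicit `else if (type == MResource.TYPE.SERVER)` with a rejecting default would fail closed. `Boolean resourceExists = false;` should be the primitive `boolean resourceExists = false;`.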
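Review bot: In getPrivilege the new `checkResourceExists(resource);` sits before `manager.logAuditEvent(...)`, so a request naming a resource that does not exist throws before any audit record is written and such lookups leave no trace in the audit log. The call also runs before `handler.getPrivilegesByPrincipal(principal, resource)`, so the COMMON_0058 response tells the caller whether a connector, link or job of that name exists regardless of what the authorization handler would have decided; whether an earlier access check guards this method is not visible in the hunk. Moving the call below the `logAuditEvent` line, or logging the failed lookup explicitly, keeps these requests visible to whoever reviews the audit trail. getPrivilege's body starts and ends outside this hunk.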
@@ -272,6 +308,15 @@ public class AuthorizationRequestHandler implements RequestHandler { // Get privilege object List<MPrivilege> privileges = privilegesBean == null ? null : privilegesBean.getPrivileges(); + if (privileges != null) { + for (MPrivilege privilege : privileges) { + checkResourceExists(privilege.getResource()); + } + } else if (isGrant){ + throw new SqoopException(CommonRepositoryError.COMMON_0058, + "Resource can't be null"); + } + if (isGrant) { manager.logAuditEvent(ctx.getUserName(), ctx.getRequest().getRemoteAddr(), "grant", "role", "privilege");
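Review bot: The existence loop runs for revoke as well as grant, so a privilege that points at a resource which has since been deleted can no longer be revoked through this path; if stale grants are not cleaned up when a resource is removed (not visible here), they would stay in place. If that is not intended, restricting the check to grants with `if (isGrant && privileges != null) {` keeps revoke usable for cleanup. The `else if (isGrant)` branch also reuses COMMON_0058 ("Resource doesn't exist") with the message "Resource can't be null" although it is the privilege list that is null, and a privilege whose `getResource()` returns null passes unchecked because checkResourceExists returns early on null. The enclosing method starts and ends outside the hunk.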
