Repository: sqoop Updated Branches: refs/heads/sqoop2 90eb27474 -> 37fec0abd
SQOOP-2439: Sqoop2: NullPointerException when calling job status notification URL (Dian Fu via Jarek Jarcec Cecho) Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/37fec0ab Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/37fec0ab Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/37fec0ab Branch: refs/heads/sqoop2 Commit: 37fec0abd64d3900c14c9b23dd355bd68f6cb5f5 Parents: 90eb274 Author: Jarek Jarcec Cecho <[email protected]> Authored: Wed Aug 26 16:32:52 2015 -0700 Committer: Jarek Jarcec Cecho <[email protected]> Committed: Wed Aug 26 16:32:52 2015 -0700 ---------------------------------------------------------------------- .../org/apache/sqoop/security/SecurityConstants.java | 9 +++++++++ .../java/org/apache/sqoop/security/SecurityError.java | 5 ++++- dist/src/main/server/conf/sqoop.properties | 3 +++ .../sqoop/handler/AuthorizationRequestHandler.java | 11 +++++++++++ .../java/org/apache/sqoop/server/RequestContext.java | 14 ++++++++++++-- 5 files changed, 39 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/sqoop/blob/37fec0ab/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java index fd54862..6f32e04 100644 --- a/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java +++ b/core/src/main/java/org/apache/sqoop/security/SecurityConstants.java @@ -67,6 +67,15 @@ public final class SecurityConstants { PREFIX_AUTHENTICATION_CONFIG + "kerberos."; /** + * The config specifies the default user. + */ + public static final String AUTHENTICATION_DEFAULT_USER = + PREFIX_AUTHENTICATION_CONFIG + "default.user"; + + public static final String AUTHENTICATION_DEFAULT_USER_DEFAULT = + "sqoop.anonymous.user"; + + /** * The config specifies the kerberos principal. * <tt>org.apache.sqoop.security.authentication.kerberos.principal</tt>. */ http://git-wip-us.apache.org/repos/asf/sqoop/blob/37fec0ab/core/src/main/java/org/apache/sqoop/security/SecurityError.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/sqoop/security/SecurityError.java b/core/src/main/java/org/apache/sqoop/security/SecurityError.java index 9f85b9e..988e425 100644 --- a/core/src/main/java/org/apache/sqoop/security/SecurityError.java +++ b/core/src/main/java/org/apache/sqoop/security/SecurityError.java @@ -64,7 +64,10 @@ public enum SecurityError implements ErrorCode { AUTH_0013("Unable to get principal from http request"), /** Authorization Exception, used by authorization implementation, etc. Sentry. */ - AUTH_0014("Authorization exception"); + AUTH_0014("Authorization exception"), + + /** Don't support to grant/remoke privileges for default user. */ + AUTH_0015("Cannot grant/revoke privileges for default user"); private final String message; http://git-wip-us.apache.org/repos/asf/sqoop/blob/37fec0ab/dist/src/main/server/conf/sqoop.properties ---------------------------------------------------------------------- diff --git a/dist/src/main/server/conf/sqoop.properties b/dist/src/main/server/conf/sqoop.properties index ba6e09f..fe8bcce 100755 --- a/dist/src/main/server/conf/sqoop.properties +++ b/dist/src/main/server/conf/sqoop.properties @@ -158,6 +158,9 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce #org.apache.sqoop.security.authentication.proxyuser.#USER#.groups=* #org.apache.sqoop.security.authentication.proxyuser.#USER#.hosts=* +# Default user, default value is "sqoop.anonymous.user" +#org.apache.sqoop.security.authentication.default.user= + # # Authorization configuration # http://git-wip-us.apache.org/repos/asf/sqoop/blob/37fec0ab/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java index 43f0417..1ed63e4 100644 --- a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java @@ -20,6 +20,7 @@ package org.apache.sqoop.handler; import org.apache.log4j.Logger; import org.apache.sqoop.audit.AuditLoggerManager; import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.core.SqoopConfiguration; import org.apache.sqoop.error.code.CommonRepositoryError; import org.apache.sqoop.repository.Repository; import org.apache.sqoop.repository.RepositoryManager; @@ -31,6 +32,7 @@ import org.apache.sqoop.model.MResource; import org.apache.sqoop.model.MRole; import org.apache.sqoop.security.AuthorizationHandler; import org.apache.sqoop.security.AuthorizationManager; +import org.apache.sqoop.security.SecurityConstants; import org.apache.sqoop.security.SecurityError; import org.apache.sqoop.server.RequestContext; import org.apache.sqoop.server.RequestHandler; @@ -308,6 +310,15 @@ public class AuthorizationRequestHandler implements RequestHandler { // Get privilege object List<MPrivilege> privileges = privilegesBean == null ? null : privilegesBean.getPrivileges(); + String defaultUser = SqoopConfiguration.getInstance().getContext().getString( + SecurityConstants.AUTHENTICATION_DEFAULT_USER, + SecurityConstants.AUTHENTICATION_DEFAULT_USER_DEFAULT); + for (MPrincipal principal : principals) { + if (defaultUser.equals(principal.getName())) { + throw new SqoopException(SecurityError.AUTH_0015); + } + } + if (privileges != null) { for (MPrivilege privilege : privileges) { checkResourceExists(privilege.getResource()); http://git-wip-us.apache.org/repos/asf/sqoop/blob/37fec0ab/server/src/main/java/org/apache/sqoop/server/RequestContext.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/sqoop/server/RequestContext.java b/server/src/main/java/org/apache/sqoop/server/RequestContext.java index 492440f..f8401aa 100644 --- a/server/src/main/java/org/apache/sqoop/server/RequestContext.java +++ b/server/src/main/java/org/apache/sqoop/server/RequestContext.java @@ -20,7 +20,9 @@ package org.apache.sqoop.server; import org.apache.hadoop.security.authentication.client.PseudoAuthenticator; import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation; import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.core.SqoopConfiguration; import org.apache.sqoop.security.AuthenticationManager; +import org.apache.sqoop.security.SecurityConstants; import org.apache.sqoop.server.common.ServerError; import javax.servlet.http.HttpServletRequest; @@ -121,10 +123,18 @@ public class RequestContext { * @return Name of user sending the request */ public String getUserName() { + String userName; if (AuthenticationManager.getInstance().getAuthenticationHandler().isSecurityEnabled()) { - return HttpUserGroupInformation.get().getShortUserName(); + userName = HttpUserGroupInformation.get().getShortUserName(); } else { - return request.getParameter(PseudoAuthenticator.USER_NAME); + userName = request.getParameter(PseudoAuthenticator.USER_NAME); } + + if (userName == null || userName.trim().isEmpty()) { + userName = SqoopConfiguration.getInstance().getContext().getString( + SecurityConstants.AUTHENTICATION_DEFAULT_USER, + SecurityConstants.AUTHENTICATION_DEFAULT_USER_DEFAULT); + } + return userName; } }
