SQOOP-2439: Sqoop2: NullPointerException when calling job status notification URL

(Dian Fu via Jarek Jarcec Cecho)

core/src/main/java/org/apache/sqoop/security/SecurityConstants.java

@@ -66,6 +66,15 @@ public final class SecurityConstants {
   public static final String PREFIX_AUTHENTICATION_KERBEROS_CONFIG =
           PREFIX_AUTHENTICATION_CONFIG + "kerberos.";
 
+  /**
+   * The config specifies the default user.
+   */
+  public static final String AUTHENTICATION_DEFAULT_USER =
+      PREFIX_AUTHENTICATION_CONFIG + "default.user";
+
+  public static final String AUTHENTICATION_DEFAULT_USER_DEFAULT =
+      "sqoop.anonymous.user";
+
   /**
    * The config specifies the kerberos principal.
    * <tt>org.apache.sqoop.security.authentication.kerberos.principal</tt>.

core/src/main/java/org/apache/sqoop/security/SecurityError.java

@@ -64,7 +64,10 @@ public enum SecurityError implements ErrorCode {
   AUTH_0013("Unable to get principal from http request"),
 
   /** Authorization Exception, used by authorization implementation, etc. Sentry. */
-  AUTH_0014("Authorization exception");
+  AUTH_0014("Authorization exception"),
+
+  /** Don't support to grant/remoke privileges for default user. */
+  AUTH_0015("Cannot grant/revoke privileges for default user");
 
   private final String message;
 

dist/src/main/server/conf/sqoop.properties

@@ -158,6 +158,9 @@ org.apache.sqoop.execution.engine=org.apache.sqoop.execution.mapreduce.Mapreduce
 #org.apache.sqoop.security.authentication.proxyuser.#USER#.groups=*
 #org.apache.sqoop.security.authentication.proxyuser.#USER#.hosts=*
 
+# Default user, default value is "sqoop.anonymous.user"
+#org.apache.sqoop.security.authentication.default.user=
+
 #
 # Authorization configuration
 #

server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java

@@ -20,6 +20,7 @@
 import org.apache.log4j.Logger;
 import org.apache.sqoop.audit.AuditLoggerManager;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.core.SqoopConfiguration;
 import org.apache.sqoop.error.code.CommonRepositoryError;
 import org.apache.sqoop.repository.Repository;
 import org.apache.sqoop.repository.RepositoryManager;
@@ -31,6 +32,7 @@
 import org.apache.sqoop.model.MRole;
 import org.apache.sqoop.security.AuthorizationHandler;
 import org.apache.sqoop.security.AuthorizationManager;
+import org.apache.sqoop.security.SecurityConstants;
 import org.apache.sqoop.security.SecurityError;
 import org.apache.sqoop.server.RequestContext;
 import org.apache.sqoop.server.RequestHandler;
@@ -308,6 +310,15 @@ private JsonBean grantRevokePrivilege(RequestContext ctx, boolean isGrant) {
     // Get privilege object
     List<MPrivilege> privileges = privilegesBean == null ? null : privilegesBean.getPrivileges();
 
+    String defaultUser = SqoopConfiguration.getInstance().getContext().getString(
+        SecurityConstants.AUTHENTICATION_DEFAULT_USER,
+        SecurityConstants.AUTHENTICATION_DEFAULT_USER_DEFAULT);
+    for (MPrincipal principal : principals) {
+      if (defaultUser.equals(principal.getName())) {
+        throw new SqoopException(SecurityError.AUTH_0015);
+      }
+    }
+
     if (privileges != null) {
       for (MPrivilege privilege : privileges) {
         checkResourceExists(privilege.getResource());

server/src/main/java/org/apache/sqoop/server/RequestContext.java

@@ -20,7 +20,9 @@
 import org.apache.hadoop.security.authentication.client.PseudoAuthenticator;
 import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.core.SqoopConfiguration;
 import org.apache.sqoop.security.AuthenticationManager;
+import org.apache.sqoop.security.SecurityConstants;
 import org.apache.sqoop.server.common.ServerError;
 
 import javax.servlet.http.HttpServletRequest;
@@ -121,10 +123,18 @@ public Locale getAcceptLanguageHeader() {
    * @return Name of user sending the request
    */
   public String getUserName() {
+    String userName;
     if (AuthenticationManager.getInstance().getAuthenticationHandler().isSecurityEnabled()) {
-      return HttpUserGroupInformation.get().getShortUserName();
+      userName = HttpUserGroupInformation.get().getShortUserName();
     } else {
-      return request.getParameter(PseudoAuthenticator.USER_NAME);
+      userName = request.getParameter(PseudoAuthenticator.USER_NAME);
     }
+
+    if (userName == null || userName.trim().isEmpty()) {
+      userName = SqoopConfiguration.getInstance().getContext().getString(
+          SecurityConstants.AUTHENTICATION_DEFAULT_USER,
+          SecurityConstants.AUTHENTICATION_DEFAULT_USER_DEFAULT);
+    }
+    return userName;
   }
 }