From 4570b05f8ce90aa38e5be453eb5456dce7a58697 Mon Sep 17 00:00:00 2001 From: Abraham Elmahrek Date: Sun, 8 Feb 2015 22:41:17 -0800 Subject: [PATCH] SQOOP-2079: Sqoop2: Remove useless functions for RBAC (Richard Zhou via Abraham Elmahrek) --- .../org/apache/sqoop/model/MPrincipal.java | 26 +-- .../org/apache/sqoop/model/MPrivilege.java | 46 +---- .../org/apache/sqoop/model/MResource.java | 26 +-- .../java/org/apache/sqoop/model/MRole.java | 22 +-- .../AuthorizationAccessController.java | 60 +----- .../sqoop/security/AuthorizationHandler.java | 64 +------ .../security/AuthorizationValidator.java | 5 +- .../Authorization/AuthorizationEngine.java | 2 +- .../DefaultAuthorizationAccessController.java | 175 ++++-------------- .../DefaultAuthorizationHandler.java | 133 +++---------- .../DefaultAuthorizationValidator.java | 3 + 11 files changed, 91 insertions(+), 471 deletions(-) diff --git a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java index 061ffe52..471d63ed 100644 --- a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java +++ b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java @@ -22,7 +22,6 @@ */ public class MPrincipal { - private final String id; private final String name; /** * Currently, the type supports user, group and role. @@ -32,44 +31,25 @@ public class MPrincipal { /** * Default constructor to build new MPrincipal model. * - * @param id Principal id - * @param name Principal name - * @param type Principal type - */ - public MPrincipal(String id, - String name, - String type) { - this.id = id; - this.name = name; - this.type = type; - } - - /** - * Constructor to build new MPrincipal model. - * * @param name Principal name * @param type Principal type */ public MPrincipal(String name, String type) { - this(null, name, type); + this.name = name; + this.type = type; } @Override public String toString() { StringBuilder sb = new StringBuilder("Principal ("); - sb.append("Principal id: ").append(this.id); - sb.append(", Principal name: ").append(this.name); + sb.append("Principal name: ").append(this.name); sb.append(", Principal type: ").append(this.type); sb.append(" )"); return sb.toString(); } - public String getId() { - return id; - } - public String getName() { return name; } diff --git a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java index 7d656eca..25f71953 100644 --- a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java +++ b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java @@ -22,8 +22,6 @@ */ public class MPrivilege { - private final String id; - private final String name; private final MResource resource; /** * Currently, the action supports view, use, create, update, delete and enable_disable. @@ -35,54 +33,22 @@ public class MPrivilege { /** * Default constructor to build new MPrivilege model. * - * @param id Privilege id - * @param name Privilege name * @param resource Privilege resource * @param action Privilege action * @param with_grant_option Privilege with_grant_option */ - public MPrivilege(String id, - String name, - MResource resource, + public MPrivilege(MResource resource, String action, boolean with_grant_option) { - this.id = id; - this.name = name; this.resource = resource; this.action = action; this.with_grant_option = with_grant_option; } - /** - * Constructor to build new MPrivilege model. - * - * @param name Privilege name - * @param resource Privilege resource - * @param action Privilege action - */ - public MPrivilege(String name, - MResource resource, - String action) { - this(null, name, resource, action, false); - } - - /** - * Constructor to build new MPrivilege model. - * - * @param resource Privilege resource - * @param action Privilege action - */ - public MPrivilege(MResource resource, - String action) { - this(null, resource, action); - } - @Override public String toString() { StringBuilder sb = new StringBuilder("Privilege ("); - sb.append("Privilege id: ").append(this.id); - sb.append(", Privilege name: ").append(this.name); - sb.append(", Privilege resource: ").append(this.getResource().toString()); + sb.append("Privilege resource: ").append(this.getResource().toString()); sb.append(", Privilege action: ").append(this.action); sb.append(", Privilege with_grant_option: ").append(this.with_grant_option); sb.append(" )"); @@ -90,14 +56,6 @@ public String toString() { return sb.toString(); } - public String getId() { - return id; - } - - public String getName() { - return name; - } - public MResource getResource() { return resource; } diff --git a/common/src/main/java/org/apache/sqoop/model/MResource.java b/common/src/main/java/org/apache/sqoop/model/MResource.java index 8e519e5b..b21ce193 100644 --- a/common/src/main/java/org/apache/sqoop/model/MResource.java +++ b/common/src/main/java/org/apache/sqoop/model/MResource.java @@ -22,7 +22,6 @@ */ public class MResource { - private final String id; private final String name; /** * Currently, the type supports connector, link, job and submission. @@ -32,44 +31,25 @@ public class MResource { /** * Default constructor to build new MResource model. * - * @param id Resource id - * @param name Resource name - * @param type Resource type - */ - public MResource(String id, - String name, - String type) { - this.id = id; - this.name = name; - this.type = type; - } - - /** - * Constructor to build new MResource model. - * * @param name Resource name * @param type Resource type */ public MResource(String name, String type) { - this(null, name, type); + this.name = name; + this.type = type; } @Override public String toString() { StringBuilder sb = new StringBuilder("Resource ("); - sb.append("Resource id: ").append(this.id); - sb.append(", Resource name: ").append(this.name); + sb.append("Resource name: ").append(this.name); sb.append(", Resource type: ").append(this.type); sb.append(" )"); return sb.toString(); } - public String getId() { - return id; - } - public String getName() { return name; } diff --git a/common/src/main/java/org/apache/sqoop/model/MRole.java b/common/src/main/java/org/apache/sqoop/model/MRole.java index 359fa09b..f9719c73 100644 --- a/common/src/main/java/org/apache/sqoop/model/MRole.java +++ b/common/src/main/java/org/apache/sqoop/model/MRole.java @@ -22,44 +22,26 @@ */ public class MRole { - private final String id; private final String name; /** * Default constructor to build new MRole model. * - * @param id Role id - * @param name Role name - */ - public MRole(String id, - String name) { - this.id = id; - this.name = name; - } - - /** - * Constructor to build new MRole model. - * * @param name Role name */ public MRole(String name) { - this(null, name); + this.name = name; } @Override public String toString() { StringBuilder sb = new StringBuilder("Role ("); - sb.append("Role id: ").append(this.id); - sb.append(", Role name: ").append(this.name); + sb.append("Role name: ").append(this.name); sb.append(" )"); return sb.toString(); } - public String getId() { - return id; - } - public String getName() { return name; } diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java index 54fa556e..8dbe7047 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java @@ -25,7 +25,7 @@ import java.util.List; -/*** +/** * AuthorizationAccessController is responsible for managing access rule and principal. */ public abstract class AuthorizationAccessController { @@ -33,43 +33,19 @@ public abstract class AuthorizationAccessController { /** * Role related function */ + public abstract void createRole(MRole role) throws SqoopException; + + public abstract void dropRole(MRole role) throws SqoopException; + public abstract List getAllRoles() throws SqoopException; - public abstract MRole getRole(String name) throws SqoopException; - public abstract List getRolesByPrincipal(MPrincipal principal) throws SqoopException; - public abstract List getRolesByPrivilege(MPrivilege privilege) throws SqoopException; - - public abstract void createRole(String name) throws SqoopException; - - public abstract void updateRole(String old_name, String new_name) throws SqoopException; - - public abstract void removeRole(String name) throws SqoopException; - /** * Principal related function */ - public abstract List getAllPrincipals() throws SqoopException; - - public abstract List getPrincipalsByName(String name) throws SqoopException; - - public abstract List getPrincipalsByType(String type) throws SqoopException; - - public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException; - public abstract List getPrincipalsByRole(MRole role) throws SqoopException; - public abstract void createPrincipal(String name, String type) throws SqoopException; - - public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException; - - public abstract void removePrincipalsByName(String name) throws SqoopException; - - public abstract void removePrincipalsByType(String type) throws SqoopException; - - public abstract void removePrincipal(MPrincipal principal) throws SqoopException; - public abstract void grantRole(List principals, List roles) throws SqoopException; public abstract void revokeRole(List principals, List roles) throws SqoopException; @@ -77,38 +53,14 @@ public abstract class AuthorizationAccessController { /** * Resource related function */ - public abstract List getAllResources() throws SqoopException; - - public abstract List getResourcesByType(String type) throws SqoopException; - - public abstract MResource getResource(String name, String type) throws SqoopException; - - public abstract void createResource(String name, String type) throws SqoopException; - public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException; - public abstract void removeResourcesByType(String type) throws SqoopException; - public abstract void removeResource(MResource resource) throws SqoopException; /** * Privilege related function */ - public abstract List getAllPrivileges() throws SqoopException; - - public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException; - - public abstract List getPrivilegesByResource(MResource resource) throws SqoopException; - - public abstract List getPrivilegesByRole(MRole role) throws SqoopException; - - public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException; - - public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException; - - public abstract void removePrivilege(String name) throws SqoopException; - - public abstract void removePrivilegesByResource(MResource resource) throws SqoopException; + public abstract List getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException; public abstract void grantPrivileges(List principals, List privileges) throws SqoopException; diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java index 5f3231be..7d60a014 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java @@ -17,7 +17,6 @@ */ package org.apache.sqoop.security; -import org.apache.log4j.Logger; import org.apache.sqoop.common.SqoopException; import org.apache.sqoop.model.MPrincipal; import org.apache.sqoop.model.MPrivilege; @@ -26,7 +25,7 @@ import java.util.List; -/*** +/** * AuthorizationHandler is responsible for controlling role based access. */ public abstract class AuthorizationHandler { @@ -36,43 +35,19 @@ public abstract class AuthorizationHandler { /** * Role related function */ + public abstract void createRole(MRole role) throws SqoopException; + + public abstract void dropRole(MRole role) throws SqoopException; + public abstract List getAllRoles() throws SqoopException; - public abstract MRole getRole(String name) throws SqoopException; - public abstract List getRolesByPrincipal(MPrincipal principal) throws SqoopException; - public abstract List getRolesByPrivilege(MPrivilege privilege) throws SqoopException; - - public abstract void createRole(String name) throws SqoopException; - - public abstract void updateRole(String old_name, String new_name) throws SqoopException; - - public abstract void removeRole(String name) throws SqoopException; - /** * Principal related function */ - public abstract List getAllPrincipals() throws SqoopException; - - public abstract List getPrincipalsByName(String name) throws SqoopException; - - public abstract List getPrincipalsByType(String type) throws SqoopException; - - public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException; - public abstract List getPrincipalsByRole(MRole role) throws SqoopException; - public abstract void createPrincipal(String name, String type) throws SqoopException; - - public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException; - - public abstract void removePrincipalsByName(String name) throws SqoopException; - - public abstract void removePrincipalsByType(String type) throws SqoopException; - - public abstract void removePrincipal(MPrincipal principal) throws SqoopException; - public abstract void grantRole(List principals, List roles) throws SqoopException; public abstract void revokeRole(List principals, List roles) throws SqoopException; @@ -80,42 +55,21 @@ public abstract class AuthorizationHandler { /** * Resource related function */ - public abstract List getAllResources() throws SqoopException; - - public abstract List getResourcesByType(String type) throws SqoopException; - - public abstract MResource getResource(String name, String type) throws SqoopException; - - public abstract void createResource(String name, String type) throws SqoopException; - public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException; - public abstract void removeResourcesByType(String type) throws SqoopException; - public abstract void removeResource(MResource resource) throws SqoopException; /** * Privilege related function */ - public abstract List getAllPrivileges() throws SqoopException; - - public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException; - - public abstract List getPrivilegesByResource(MResource resource) throws SqoopException; - - public abstract List getPrivilegesByRole(MRole role) throws SqoopException; - - public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException; - - public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException; - - public abstract void removePrivilege(String name) throws SqoopException; - - public abstract void removePrivilegesByResource(MResource resource) throws SqoopException; + public abstract List getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException; public abstract void grantPrivileges(List principals, List privileges) throws SqoopException; public abstract void revokePrivileges(List principals, List privileges) throws SqoopException; + /** + * Validator related function + */ public abstract void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException; } \ No newline at end of file diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java index c6482fbe..9c032a98 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java @@ -23,11 +23,14 @@ import java.util.List; -/*** +/** * AuthorizationHandler is responsible for checking access. */ public abstract class AuthorizationValidator { + /** + * Validator related function + */ public abstract void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException; } \ No newline at end of file diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java index 24bd6f11..bb1ce3b7 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java @@ -172,7 +172,7 @@ private static MPrivilege getPrivilege(ResourceType resourceType, // Do a transfer. "all" means global instances in Restful API, whilst empty // string means global instances in role based access controller. resourceId = (resourceId == null || resourceId.equals("all")) ? StringUtils.EMPTY : resourceId; - return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name()); + return new MPrivilege(new MResource(resourceId, resourceType.name()), privilegeActionType.name(), false); } private static void checkPrivilege(MPrivilege... privileges) { diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java index 02f8f3b1..e84c7be0 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java @@ -25,7 +25,6 @@ import org.apache.sqoop.model.MRole; import org.apache.sqoop.security.AuthorizationAccessController; -import java.security.Principal; import java.util.List; public class DefaultAuthorizationAccessController extends AuthorizationAccessController { @@ -35,101 +34,42 @@ public class DefaultAuthorizationAccessController extends AuthorizationAccessCon /** * Role related function */ + @Override + public void createRole(MRole role) throws SqoopException { + LOG.debug("Create role in default authorization access controller: empty function"); + LOG.debug("role: " + role.toString()); + } + + @Override + public void dropRole(MRole role) throws SqoopException { + LOG.debug("Remove role in default authorization access controller: empty function"); + LOG.debug("role: " + role.toString()); + } + + @Override public List getAllRoles() throws SqoopException { LOG.debug("Get all roles in default authorization access controller: return null"); return null; } - public MRole getRole(String name) throws SqoopException { - LOG.debug("Get role in default authorization access controller: return null"); - LOG.debug("name: " + name); - return null; - } - + @Override public List getRolesByPrincipal(MPrincipal principal) throws SqoopException { LOG.debug("Get roles by principal in default authorization access controller: return null"); LOG.debug("principal: " + principal.toString()); return null; } - public List getRolesByPrivilege(MPrivilege privilege) throws SqoopException { - LOG.debug("Get roles by privilege in default authorization access controller: return null"); - LOG.debug("privilege: " + privilege.toString()); - return null; - } - - public void createRole(String name) throws SqoopException { - LOG.debug("Create role in default authorization access controller: empty function"); - LOG.debug("name: " + name); - } - - public void updateRole(String old_name, String new_name) throws SqoopException { - LOG.debug("Update role in default authorization access controller: empty function"); - LOG.debug("old name: " + old_name + ", new name: " + new_name); - } - - public void removeRole(String name) throws SqoopException { - LOG.debug("Remove role in default authorization access controller: empty function"); - LOG.debug("name: " + name); - } - /** * Principal related function */ - public List getAllPrincipals() throws SqoopException { - LOG.debug("Get all principals in default authorization access controller: return null"); - return null; - } - - public List getPrincipalsByName(String name) throws SqoopException { - LOG.debug("Get principals by name in default authorization access controller: return null"); - LOG.debug("name: " + name); - return null; - } - - public List getPrincipalsByType(String type) throws SqoopException { - LOG.debug("Get principals by type in default authorization access controller: return null"); - LOG.debug("type: " + type); - return null; - } - - public MPrincipal getPrincipal(String name, String type) throws SqoopException { - LOG.debug("Get principal in default authorization access controller: return null"); - LOG.debug("name: " + name + ", type: " + type); - return null; - } - + @Override public List getPrincipalsByRole(MRole role) throws SqoopException { LOG.debug("Get principals by role in default authorization access controller: return null"); LOG.debug("role: " + role.toString()); return null; } - public void createPrincipal(String name, String type) throws SqoopException { - LOG.debug("Create principal in default authorization access controller: empty function"); - LOG.debug("name: " + name + ", type: " + type); - } - - public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException { - LOG.debug("Update principal in default authorization access controller: empty function"); - LOG.debug("old principal: " + old_principal + ", new principal: " + new_principal); - } - - public void removePrincipalsByName(String name) throws SqoopException { - LOG.debug("Remove principals by name in default authorization access controller: empty function"); - LOG.debug("name: " + name); - } - - public void removePrincipalsByType(String type) throws SqoopException { - LOG.debug("Remove principals by type in default authorization access controller: empty function"); - LOG.debug("type: " + type); - } - - public void removePrincipal(MPrincipal principal) throws SqoopException { - LOG.debug("Remove principal in default authorization access controller: empty function"); - LOG.debug("principal: " + principal.toString()); - } - + @Override public void grantRole(List principals, List roles) throws SqoopException { LOG.debug("Grant role in default authorization access controller: empty function"); for (MPrincipal principal : principals) { @@ -140,6 +80,7 @@ public void grantRole(List principals, List roles) throws Sqo } } + @Override public void revokeRole(List principals, List roles) throws SqoopException { LOG.debug("Revoke role in default authorization access controller: empty function"); for (MPrincipal principal : principals) { @@ -153,38 +94,13 @@ public void revokeRole(List principals, List roles) throws Sq /** * Resource related function */ - public List getAllResources() throws SqoopException { - LOG.debug("Get all resources in default authorization access controller: return null"); - return null; - } - - public List getResourcesByType(String type) throws SqoopException { - LOG.debug("Get resources by type in default authorization access controller: return null"); - LOG.debug("type: " + type); - return null; - } - - public MResource getResource(String name, String type) throws SqoopException { - LOG.debug("Get resource in default authorization access controller: return null"); - LOG.debug("name: " + name + ", type: " + type); - return null; - } - - public void createResource(String name, String type) throws SqoopException { - LOG.debug("Create resource in default authorization access controller: empty function"); - LOG.debug("name: " + name + ", type: " + type); - } - + @Override public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { LOG.debug("Update resource in default authorization access controller: empty function"); LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource); } - public void removeResourcesByType(String type) throws SqoopException { - LOG.debug("Remove resource by type in default authorization access controller: empty function"); - LOG.debug("type: " + type); - } - + @Override public void removeResource(MResource resource) throws SqoopException { LOG.debug("Remove resource in default authorization access controller: empty function"); LOG.debug("resource: " + resource.toString()); @@ -193,49 +109,17 @@ public void removeResource(MResource resource) throws SqoopException { /** * Privilege related function */ - public List getAllPrivileges() throws SqoopException { - LOG.debug("Get all privileges in default authorization access controller: return null"); - return null; - } - - public MPrivilege getPrivilegeByName(String name) throws SqoopException { - LOG.debug("Get privileges by name in default authorization access controller: return null"); - LOG.debug("name: " + name); - return null; - } - - public List getPrivilegesByResource(MResource resource) throws SqoopException { - LOG.debug("Get privileges by resource in default authorization access controller: return null"); - LOG.debug("resource: " + resource.toString()); - return null; - } - - public List getPrivilegesByRole(MRole role) throws SqoopException { + @Override + public List getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException { LOG.debug("Get privileges by role in default authorization access controller: return null"); - LOG.debug("role: " + role.toString()); + LOG.debug("principal: " + principal.toString()); + if (resource != null) { //Get all privileges on principal + LOG.debug("resource: " + resource.toString()); + } return null; } - public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException { - LOG.debug("Create privilege in default authorization access controller: empty function"); - LOG.debug("name: " + name + ", resource: " + resource.toString() + ", action: " + action + ", with grant option: " + with_grant_option); - } - - public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException { - LOG.debug("Update privilege in default authorization access controller: empty function"); - LOG.debug("old_privilege: " + old_privilege + ", new_privilege: " + new_privilege); - } - - public void removePrivilege(String name) throws SqoopException { - LOG.debug("Remove privilege in default authorization access controller: empty function"); - LOG.debug("name: " + name); - } - - public void removePrivilegesByResource(MResource resource) throws SqoopException { - LOG.debug("Remove privileges by resource in default authorization access controller: empty function"); - LOG.debug("resource: " + resource.toString()); - } - + @Override public void grantPrivileges(List principals, List privileges) throws SqoopException { LOG.debug("Grant privileges in default authorization access controller: empty function"); for (MPrincipal principal : principals) { @@ -246,13 +130,16 @@ public void grantPrivileges(List principals, List privil } } + @Override public void revokePrivileges(List principals, List privileges) throws SqoopException { LOG.debug("Revoke privileges in default authorization access controller: empty function"); for (MPrincipal principal : principals) { LOG.debug("principal: " + principal.toString()); } - for (MPrivilege privilege : privileges) { - LOG.debug("privilege: " + privilege.toString()); + if (privileges != null) { //Revoke all privileges on principal + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } } } } \ No newline at end of file diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java index 8e63b86f..c60b8a5a 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java @@ -73,6 +73,7 @@ public void setAuthenticationProvider(AuthenticationProvider authenticationProvi this.authenticationProvider = authenticationProvider; } + @Override public void doInitialize(AuthenticationProvider provider) throws ClassNotFoundException, IllegalAccessException, InstantiationException { MapContext mapContext = SqoopConfiguration.getInstance().getContext(); String accessController = mapContext.getString( @@ -91,81 +92,40 @@ public void doInitialize(AuthenticationProvider provider) throws ClassNotFoundEx /** * Role related function */ + @Override + public void createRole(MRole role) throws SqoopException { + this.authorizationAccessController.createRole(role); + } + + @Override + public void dropRole(MRole role) throws SqoopException { + this.authorizationAccessController.dropRole(role); + } + + @Override public List getAllRoles() throws SqoopException { return this.authorizationAccessController.getAllRoles(); } - public MRole getRole(String name) throws SqoopException { - return this.authorizationAccessController.getRole(name); - } - + @Override public List getRolesByPrincipal(MPrincipal principal) throws SqoopException { return this.authorizationAccessController.getRolesByPrincipal(principal); } - public List getRolesByPrivilege(MPrivilege privilege) throws SqoopException { - return this.authorizationAccessController.getRolesByPrivilege(privilege); - } - - public void createRole(String name) throws SqoopException { - this.authorizationAccessController.createRole(name); - } - - public void updateRole(String old_name, String new_name) throws SqoopException { - this.authorizationAccessController.updateRole(old_name, new_name); - } - - public void removeRole(String name) throws SqoopException { - this.authorizationAccessController.removeRole(name); - } - /** * Principal related function */ - public List getAllPrincipals() throws SqoopException { - return this.authorizationAccessController.getAllPrincipals(); - } - - public List getPrincipalsByName(String name) throws SqoopException { - return this.authorizationAccessController.getPrincipalsByName(name); - } - - public List getPrincipalsByType(String type) throws SqoopException { - return this.authorizationAccessController.getPrincipalsByType(type); - } - - public MPrincipal getPrincipal(String name, String type) throws SqoopException { - return this.authorizationAccessController.getPrincipal(name, type); - } - + @Override public List getPrincipalsByRole(MRole role) throws SqoopException { return this.authorizationAccessController.getPrincipalsByRole(role); } - public void createPrincipal(String name, String type) throws SqoopException { - this.authorizationAccessController.createPrincipal(name, type); - } - - public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException { - this.authorizationAccessController.updatePrincipal(old_principal, new_principal); - } - - public void removePrincipalsByName(String name) throws SqoopException { - this.authorizationAccessController.removePrincipalsByName(name); - } - - public void removePrincipalsByType(String type) throws SqoopException { - this.authorizationAccessController.removePrincipalsByType(type); - } - - public void removePrincipal(MPrincipal principal) throws SqoopException { - this.authorizationAccessController.removePrincipal(principal); - } - + @Override public void grantRole(List principals, List roles) throws SqoopException { this.authorizationAccessController.grantRole(principals, roles); } + @Override public void revokeRole(List principals, List roles) throws SqoopException { this.authorizationAccessController.revokeRole(principals, roles); } @@ -173,30 +133,12 @@ public void revokeRole(List principals, List roles) throws Sq /** * Resource related function */ - public List getAllResources() throws SqoopException { - return this.authorizationAccessController.getAllResources(); - } - - public List getResourcesByType(String type) throws SqoopException { - return this.authorizationAccessController.getResourcesByType(type); - } - - public MResource getResource(String name, String type) throws SqoopException { - return this.authorizationAccessController.getResource(name, type); - } - - public void createResource(String name, String type) throws SqoopException { - this.authorizationAccessController.createResource(name, type); - } - + @Override public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { this.authorizationAccessController.updateResource(old_resource, new_resource); } - public void removeResourcesByType(String type) throws SqoopException { - this.authorizationAccessController.removeResourcesByType(type); - } - + @Override public void removeResource(MResource resource) throws SqoopException { this.authorizationAccessController.removeResource(resource); } @@ -204,46 +146,25 @@ public void removeResource(MResource resource) throws SqoopException { /** * Privilege related function */ - public List getAllPrivileges() throws SqoopException { - return this.authorizationAccessController.getAllPrivileges(); - } - - public MPrivilege getPrivilegeByName(String name) throws SqoopException { - return this.authorizationAccessController.getPrivilegeByName(name); - } - - public List getPrivilegesByResource(MResource resource) throws SqoopException { - return this.authorizationAccessController.getPrivilegesByResource(resource); - } - - public List getPrivilegesByRole(MRole role) throws SqoopException { - return this.authorizationAccessController.getPrivilegesByRole(role); - } - - public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException { - this.authorizationAccessController.createPrivilege(name, resource, action, with_grant_option); - } - - public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException { - this.authorizationAccessController.updatePrivilege(old_privilege, new_privilege); - } - - public void removePrivilege(String name) throws SqoopException { - this.authorizationAccessController.removePrivilege(name); - } - - public void removePrivilegesByResource(MResource resource) throws SqoopException { - this.authorizationAccessController.removePrivilegesByResource(resource); + @Override + public List getPrivilegesByPrincipal(MPrincipal principal, MResource resource) throws SqoopException { + return this.authorizationAccessController.getPrivilegesByPrincipal(principal, resource); } + @Override public void grantPrivileges(List principals, List privileges) throws SqoopException { this.authorizationAccessController.grantPrivileges(principals, privileges); } + @Override public void revokePrivileges(List principals, List privileges) throws SqoopException { this.authorizationAccessController.revokePrivileges(principals, privileges); } + /** + * Validator related function + */ + @Override public void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException { this.authorizationValidator.checkPrivileges(principal, privileges); } diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java index bbde2816..aa8fe8dc 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java @@ -29,6 +29,9 @@ public class DefaultAuthorizationValidator extends AuthorizationValidator { private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class); + /** + * Validator related function + */ public void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException { LOG.debug("Check privilege in default authorization validator: always valid"); LOG.debug("principal: " + principal.toString());