SQOOP-2255: Sqoop2: Throw Exception when no permission to the resource

(Richard Zhou via Abraham Elmahrek)
2025-05-16 17:00:53 +08:00 · 2015-03-25 21:51:54 -07:00 · 2015-03-25 21:51:54 -07:00 · 615265db2d
commit 615265db2d
parent 06f6ceceb9
6 changed files with 36 additions and 18 deletions
--- a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
+++ b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
@ -212,6 +212,9 @@ public enum CommonRepositoryError implements ErrorCode {

  COMMON_0056("Unable to update  USER_ONLY editable config"),

+  /** We can't restore specific connector**/
+  COMMON_0057("Unable to load specific connector"),
+
  ;

  private final String message;
--- a/core/src/main/java/org/apache/sqoop/connector/ConnectorManager.java
+++ b/core/src/main/java/org/apache/sqoop/connector/ConnectorManager.java
@ -35,6 +35,7 @@
 import org.apache.sqoop.core.Reconfigurable;
 import org.apache.sqoop.core.SqoopConfiguration;
 import org.apache.sqoop.core.SqoopConfiguration.CoreConfigurationListener;
+import org.apache.sqoop.error.code.CommonRepositoryError;
 import org.apache.sqoop.error.code.ConnectorError;
 import org.apache.sqoop.model.MConnector;
 import org.apache.sqoop.repository.Repository;
@ -129,7 +130,8 @@ public ResourceBundle getResourceBundle(long connectorId, Locale locale) {
  public MConnector getConnectorConfigurable(long connectorId) {
    ConnectorHandler handler = handlerMap.get(idToNameMap.get(connectorId));
    if (handler == null) {
-      return null;
+      throw new SqoopException(CommonRepositoryError.COMMON_0057, "Couldn't find"
+              + " connector with id " + connectorId);
    }
    return handler.getConnectorConfigurable();
  }
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java
@ -26,9 +26,12 @@
 import org.apache.log4j.Logger;
 import org.apache.sqoop.common.SqoopException;
 import org.apache.sqoop.model.*;
+import org.apache.sqoop.repository.Repository;
+import org.apache.sqoop.repository.RepositoryManager;
 import org.apache.sqoop.security.AuthorizationHandler;
 import org.apache.sqoop.security.AuthorizationManager;

+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.List;
@ -58,9 +61,20 @@ public boolean apply(T input) {
    return Lists.newArrayList(collection);
  }

+  /**
+   * Connector related function
+   */
+  public static void readConnector(String connectorId) throws SqoopException {
+    checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ));
+  }
+
  /**
   * Link related function
   */
+  public static void readLink(String linkId) throws SqoopException {
+    checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.READ));
+  }
+
  public static void createLink(String connectorId) throws SqoopException {
    checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ));
  }
@ -82,6 +96,10 @@ public static void enableDisableLink(String linkId) throws SqoopException {
  /**
   * Job related function
   */
+  public static void readJob(String jobId) throws SqoopException {
+    checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
+  }
+
  public static void createJob(String linkId1, String linkId2) throws SqoopException {
    MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ);
    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ);
--- a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java
+++ b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java
@ -17,8 +17,8 @@
 */
 package org.apache.sqoop.handler;

+import java.util.Arrays;
 import java.util.HashMap;
-import java.util.LinkedList;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@ -80,19 +80,18 @@ public JsonBean handleEvent(RequestContext ctx) {
      // NOTE: connectorId is a fallback for older sqoop clients if any, since we want to primarily use unique conenctorNames
      long cId = HandlerUtils.getConnectorIdFromIdentifier(cIdentifier);

-      connectors = new LinkedList<MConnector>();
      configParamBundles = new HashMap<Long, ResourceBundle>();

-      connectors.add(ConnectorManager.getInstance().getConnectorConfigurable(cId));
+      MConnector connector = ConnectorManager.getInstance().getConnectorConfigurable(cId);
      configParamBundles.put(cId, ConnectorManager.getInstance().getResourceBundle(cId, locale));

      AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
          ctx.getRequest().getRemoteAddr(), "get", "connector", String.valueOf(cIdentifier));

      // Authorization check
-      connectors = AuthorizationEngine.filterResource(MResource.TYPE.CONNECTOR, connectors);
+      AuthorizationEngine.readConnector(String.valueOf(connector.getPersistenceId()));

-      return new ConnectorBean(connectors, configParamBundles);
+      return new ConnectorBean(Arrays.asList(connector), configParamBundles);
    }
  }
 }
--- a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java
+++ b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java
@ -18,7 +18,7 @@
 package org.apache.sqoop.handler;

 import java.io.IOException;
-import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;

@ -306,14 +306,12 @@ private JsonBean getJobs(RequestContext ctx) {
          ctx.getRequest().getRemoteAddr(), "get", "job", connectorIdentifier);

      long jobId = HandlerUtils.getJobIdFromIdentifier(connectorIdentifier, repository);
-      List<MJob> jobList = new ArrayList<MJob>();
-      // a list of single element
-      jobList.add(repository.findJob(jobId));
+      MJob job = repository.findJob(jobId);

      // Authorization check
-      jobList = AuthorizationEngine.filterResource(MResource.TYPE.JOB, jobList);
+      AuthorizationEngine.readJob(String.valueOf(job.getPersistenceId()));

-      jobBean = createJobBean(jobList, locale);
+      jobBean = createJobBean(Arrays.asList(job), locale);
    }
    return jobBean;
  }
--- a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java
+++ b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java
@ -18,7 +18,7 @@
 package org.apache.sqoop.handler;

 import java.io.IOException;
-import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;

@ -234,14 +234,12 @@ private JsonBean getLinks(RequestContext ctx) {
          ctx.getRequest().getRemoteAddr(), "get", "link", identifier);

      long linkId = HandlerUtils.getLinkIdFromIdentifier(identifier, repository);
-      List<MLink> linkList = new ArrayList<MLink>();
-      // a list of single element
-      linkList.add(repository.findLink(linkId));
+      MLink link = repository.findLink(linkId);

      // Authorization check
-      linkList = AuthorizationEngine.filterResource(MResource.TYPE.LINK, linkList);
+      AuthorizationEngine.readLink(String.valueOf(link.getPersistenceId()));

-      linkBean = createLinkBean(linkList, locale);
+      linkBean = createLinkBean(Arrays.asList(link), locale);
    }
    return linkBean;
  }