From 615265db2d86f774cfdd1e2829d331902516312a Mon Sep 17 00:00:00 2001 From: Abraham Elmahrek Date: Wed, 25 Mar 2015 21:51:54 -0700 Subject: [PATCH] SQOOP-2255: Sqoop2: Throw Exception when no permission to the resource (Richard Zhou via Abraham Elmahrek) --- .../error/code/CommonRepositoryError.java | 3 +++ .../sqoop/connector/ConnectorManager.java | 4 +++- .../Authorization/AuthorizationEngine.java | 18 ++++++++++++++++++ .../sqoop/handler/ConnectorRequestHandler.java | 9 ++++----- .../sqoop/handler/JobRequestHandler.java | 10 ++++------ .../sqoop/handler/LinkRequestHandler.java | 10 ++++------ 6 files changed, 36 insertions(+), 18 deletions(-) diff --git a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java index 7db31ddb..e5fbe2d5 100644 --- a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java +++ b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java @@ -212,6 +212,9 @@ public enum CommonRepositoryError implements ErrorCode { COMMON_0056("Unable to update USER_ONLY editable config"), + /** We can't restore specific connector**/ + COMMON_0057("Unable to load specific connector"), + ; private final String message; diff --git a/core/src/main/java/org/apache/sqoop/connector/ConnectorManager.java b/core/src/main/java/org/apache/sqoop/connector/ConnectorManager.java index 0b150468..05174130 100644 --- a/core/src/main/java/org/apache/sqoop/connector/ConnectorManager.java +++ b/core/src/main/java/org/apache/sqoop/connector/ConnectorManager.java @@ -35,6 +35,7 @@ import org.apache.sqoop.core.Reconfigurable; import org.apache.sqoop.core.SqoopConfiguration; import org.apache.sqoop.core.SqoopConfiguration.CoreConfigurationListener; +import org.apache.sqoop.error.code.CommonRepositoryError; import org.apache.sqoop.error.code.ConnectorError; import org.apache.sqoop.model.MConnector; import org.apache.sqoop.repository.Repository; @@ -129,7 +130,8 @@ public ResourceBundle getResourceBundle(long connectorId, Locale locale) { public MConnector getConnectorConfigurable(long connectorId) { ConnectorHandler handler = handlerMap.get(idToNameMap.get(connectorId)); if (handler == null) { - return null; + throw new SqoopException(CommonRepositoryError.COMMON_0057, "Couldn't find" + + " connector with id " + connectorId); } return handler.getConnectorConfigurable(); } diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java index d261027f..333919d9 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/AuthorizationEngine.java @@ -26,9 +26,12 @@ import org.apache.log4j.Logger; import org.apache.sqoop.common.SqoopException; import org.apache.sqoop.model.*; +import org.apache.sqoop.repository.Repository; +import org.apache.sqoop.repository.RepositoryManager; import org.apache.sqoop.security.AuthorizationHandler; import org.apache.sqoop.security.AuthorizationManager; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; @@ -58,9 +61,20 @@ public boolean apply(T input) { return Lists.newArrayList(collection); } + /** + * Connector related function + */ + public static void readConnector(String connectorId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); + } + /** * Link related function */ + public static void readLink(String linkId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.READ)); + } + public static void createLink(String connectorId) throws SqoopException { checkPrivilege(getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ)); } @@ -82,6 +96,10 @@ public static void enableDisableLink(String linkId) throws SqoopException { /** * Job related function */ + public static void readJob(String jobId) throws SqoopException { + checkPrivilege(getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ)); + } + public static void createJob(String linkId1, String linkId2) throws SqoopException { MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ); MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ); diff --git a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java index 2305a514..570c9741 100644 --- a/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java @@ -17,8 +17,8 @@ */ package org.apache.sqoop.handler; +import java.util.Arrays; import java.util.HashMap; -import java.util.LinkedList; import java.util.List; import java.util.Locale; import java.util.Map; @@ -80,19 +80,18 @@ public JsonBean handleEvent(RequestContext ctx) { // NOTE: connectorId is a fallback for older sqoop clients if any, since we want to primarily use unique conenctorNames long cId = HandlerUtils.getConnectorIdFromIdentifier(cIdentifier); - connectors = new LinkedList(); configParamBundles = new HashMap(); - connectors.add(ConnectorManager.getInstance().getConnectorConfigurable(cId)); + MConnector connector = ConnectorManager.getInstance().getConnectorConfigurable(cId); configParamBundles.put(cId, ConnectorManager.getInstance().getResourceBundle(cId, locale)); AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(), ctx.getRequest().getRemoteAddr(), "get", "connector", String.valueOf(cIdentifier)); // Authorization check - connectors = AuthorizationEngine.filterResource(MResource.TYPE.CONNECTOR, connectors); + AuthorizationEngine.readConnector(String.valueOf(connector.getPersistenceId())); - return new ConnectorBean(connectors, configParamBundles); + return new ConnectorBean(Arrays.asList(connector), configParamBundles); } } } \ No newline at end of file diff --git a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java index 0c5f1f21..e22b1e89 100644 --- a/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java @@ -18,7 +18,7 @@ package org.apache.sqoop.handler; import java.io.IOException; -import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Locale; @@ -306,14 +306,12 @@ private JsonBean getJobs(RequestContext ctx) { ctx.getRequest().getRemoteAddr(), "get", "job", connectorIdentifier); long jobId = HandlerUtils.getJobIdFromIdentifier(connectorIdentifier, repository); - List jobList = new ArrayList(); - // a list of single element - jobList.add(repository.findJob(jobId)); + MJob job = repository.findJob(jobId); // Authorization check - jobList = AuthorizationEngine.filterResource(MResource.TYPE.JOB, jobList); + AuthorizationEngine.readJob(String.valueOf(job.getPersistenceId())); - jobBean = createJobBean(jobList, locale); + jobBean = createJobBean(Arrays.asList(job), locale); } return jobBean; } diff --git a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java index 3187bcf0..6d4aa382 100644 --- a/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java +++ b/server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java @@ -18,7 +18,7 @@ package org.apache.sqoop.handler; import java.io.IOException; -import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Locale; @@ -234,14 +234,12 @@ private JsonBean getLinks(RequestContext ctx) { ctx.getRequest().getRemoteAddr(), "get", "link", identifier); long linkId = HandlerUtils.getLinkIdFromIdentifier(identifier, repository); - List linkList = new ArrayList(); - // a list of single element - linkList.add(repository.findLink(linkId)); + MLink link = repository.findLink(linkId); // Authorization check - linkList = AuthorizationEngine.filterResource(MResource.TYPE.LINK, linkList); + AuthorizationEngine.readLink(String.valueOf(link.getPersistenceId())); - linkBean = createLinkBean(linkList, locale); + linkBean = createLinkBean(Arrays.asList(link), locale); } return linkBean; }