github/sqoop
5
0
Fork 0
mirror of https://github.com/apache/sqoop.git synced 2025-05-12 15:01:45 +08:00
Code Issues Projects Releases Wiki Activity

SQOOP-2537: Sqoop2: Use object name instead of object id for the name filed in MResource

Browse Source 
(Dian Fu via Jarek Jarcec Cecho)
This commit is contained in:
Jarek Jarcec Cecho 2015-09-09 15:41:57 +02:00
parent 547a5b4350
commit 66989a6ec5
5 changed files with 93 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
security/src/main/java/org/apache/sqoop/security/authorization/AuthorizationEngine.java
View File

@ -20,10 +20,6 @@
import com.beust.jcommander.internal.Lists;
import com.google.common.base.Predicate;
import com.google.common.collect.Collections2;
import org.apache.commons.lang.StringUtils;
import org.apache.hadoop.security.UserGroupInformation;
import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.*;
import org.apache.sqoop.repository.Repository;
@ -37,7 +33,20 @@
public class AuthorizationEngine {
private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class);
private static String getResourceName(MResource.TYPE resourceType, long resourceId) {
Repository repository = RepositoryManager.getInstance().getRepository();
switch (resourceType) {
case CONNECTOR:
return repository.findConnector(resourceId).getUniqueName();
case LINK:
return repository.findLink(resourceId).getName();
case JOB:
return repository.findJob(resourceId).getName();
}
return null;
}
/**
* Filter resources, get all valid resources from all resources
@ -47,7 +56,7 @@ public static <T extends MPersistableEntity> List<T> filterResource(final String
@Override
public boolean apply(T input) {
try {
String name = String.valueOf(input.getPersistenceId());
String name = getResourceName(type, input.getPersistenceId());
checkPrivilege(doUserName, getPrivilege(type, name, MPrivilege.ACTION.READ));
// add valid resource
return true;
@ -63,74 +72,73 @@ public boolean apply(T input) {
/**
* Connector related function
*/
public static void readConnector(String doUserName, String connectorId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ));
public static void readConnector(String doUserName, String connectorName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorName, MPrivilege.ACTION.READ));
}
/**
* Link related function
*/
public static void readLink(String doUserName, String linkId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.READ));
public static void readLink(String doUserName, String linkName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.READ));
}
public static void createLink(String doUserName, String connectorId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ));
public static void createLink(String doUserName, String connectorName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorName, MPrivilege.ACTION.READ));
}
public static void updateLink(String doUserName, String connectorId, String linkId) throws SqoopException {
MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ);
MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE);
public static void updateLink(String doUserName, String connectorName, String linkName) throws SqoopException {
MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorName, MPrivilege.ACTION.READ);
MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.WRITE);
checkPrivilege(doUserName, privilege1, privilege2);
}
public static void deleteLink(String doUserName, String linkId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE));
public static void deleteLink(String doUserName, String linkName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.WRITE));
}
public static void enableDisableLink(String doUserName, String linkId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE));
public static void enableDisableLink(String doUserName, String linkName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.WRITE));
}
/**
* Job related function
*/
public static void readJob(String doUserName, String jobId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
public static void readJob(String doUserName, String jobName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.READ));
}
public static void createJob(String doUserName, String linkId1, String linkId2) throws SqoopException {
MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ);
MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ);
public static void createJob(String doUserName, String linkName1, String linkName2) throws SqoopException {
MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkName1, MPrivilege.ACTION.READ);
MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkName2, MPrivilege.ACTION.READ);
checkPrivilege(doUserName, privilege1, privilege2);
}
public static void updateJob(String doUserName, String linkId1, String linkId2, String jobId) throws SqoopException {
MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ);
MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ);
MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE);
public static void updateJob(String doUserName, String linkName1, String linkName2, String jobName) throws SqoopException {
MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkName1, MPrivilege.ACTION.READ);
MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkName2, MPrivilege.ACTION.READ);
MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE);
checkPrivilege(doUserName, privilege1, privilege2, privilege3);
}
public static void deleteJob(String doUserName, String jobId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
public static void deleteJob(String doUserName, String jobName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
}
public static void enableDisableJob(String doUserName, String jobId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
public static void enableDisableJob(String doUserName, String jobName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
}
public static void startJob(String doUserName, String jobId) throws SqoopException {
;
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
public static void startJob(String doUserName, String jobName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
}
public static void stopJob(String doUserName, String jobId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
public static void stopJob(String doUserName, String jobName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
}
public static void statusJob(String doUserName, String jobId) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
public static void statusJob(String doUserName, String jobName) throws SqoopException {
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.READ));
}
/**
@ -141,8 +149,8 @@ public static List<MSubmission> filterSubmission(final String doUserName, List<M
@Override
public boolean apply(MSubmission input) {
try {
String jobId = String.valueOf(input.getJobId());
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
String jobName = getResourceName(MResource.TYPE.JOB, input.getJobId());
checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.READ));
// add valid submission
return true;
} catch (RuntimeException e) {
@ -158,9 +166,9 @@ public boolean apply(MSubmission input) {
* Help function
*/
private static MPrivilege getPrivilege(MResource.TYPE resourceType,
String resourceId,
String resourceName,
MPrivilege.ACTION privilegeAction) {
return new MPrivilege(new MResource(resourceId, resourceType), privilegeAction, false);
return new MPrivilege(new MResource(resourceName, resourceType), privilegeAction, false);
}
private static void checkPrivilege(String doUserName, MPrivilege... privileges) {
@ -176,12 +184,12 @@ private static void checkPrivilege(String doUserName, MPrivilege... privileges)
for (MPrivilege privilege : privileges) {
Repository repository = RepositoryManager.getInstance().getRepository();
if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType())) {
MLink link = repository.findLink(Long.parseLong(privilege.getResource().getName()));
MLink link = repository.findLink(privilege.getResource().getName());
if (!doUserName.equals(link.getCreationUser())) {
privilegesNeedCheck.add(privilege);
}
} else if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType())) {
MJob job = repository.findJob(Long.parseLong(privilege.getResource().getName()));
MJob job = repository.findJob(privilege.getResource().getName());
if (!doUserName.equals(job.getCreationUser())) {
privilegesNeedCheck.add(privilege);
}

2
server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java
View File

@ -90,7 +90,7 @@ public JsonBean handleEvent(RequestContext ctx) {
ctx.getRequest().getRemoteAddr(), "get", "connector", String.valueOf(cIdentifier));
// Authorization check
AuthorizationEngine.readConnector(ctx.getUserName(), String.valueOf(connector.getPersistenceId()));
AuthorizationEngine.readConnector(ctx.getUserName(), connector.getUniqueName());
return new ConnectorBean(Arrays.asList(connector), configParamBundles);
}

35
server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java
View File

@ -140,14 +140,15 @@ private JsonBean deleteJob(RequestContext ctx) {
String jobIdentifier = ctx.getLastURLElement();
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
// Authorization check
AuthorizationEngine.deleteJob(ctx.getUserName(), String.valueOf(jobId));
AuthorizationEngine.deleteJob(ctx.getUserName(), jobName);
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "delete", "job", jobIdentifier);
repository.deleteJob(jobId);
MResource resource = new MResource(String.valueOf(jobId), MResource.TYPE.JOB);
MResource resource = new MResource(jobName, MResource.TYPE.JOB);
AuthorizationManager.getInstance().getAuthorizationHandler().removeResource(resource);
return JsonBean.EMPTY_BEAN;
}
@ -186,12 +187,14 @@ private JsonBean createUpdateJob(RequestContext ctx, boolean create) {
// Authorization check
if (create) {
AuthorizationEngine.createJob(ctx.getUserName(), String.valueOf(postedJob.getFromLinkId()),
String.valueOf(postedJob.getToLinkId()));
AuthorizationEngine.createJob(ctx.getUserName(),
HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getFromLinkId())),
HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getToLinkId())));
} else {
AuthorizationEngine.updateJob(ctx.getUserName(), String.valueOf(postedJob.getFromLinkId()),
String.valueOf(postedJob.getToLinkId()),
String.valueOf(postedJob.getPersistenceId()));
AuthorizationEngine.updateJob(ctx.getUserName(),
HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getFromLinkId())),
HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getToLinkId())),
HandlerUtils.getJobNameFromIdentifier(String.valueOf(postedJob.getPersistenceId())));
}
// Verify that user is not trying to spoof us
@ -306,12 +309,12 @@ private JsonBean getJobs(RequestContext ctx) {
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "get", "job", connectorIdentifier);
long jobId = HandlerUtils.getJobIdFromIdentifier(connectorIdentifier);
MJob job = repository.findJob(jobId);
String jobName = HandlerUtils.getJobNameFromIdentifier(connectorIdentifier);
// Authorization check
AuthorizationEngine.readJob(ctx.getUserName(), String.valueOf(job.getPersistenceId()));
AuthorizationEngine.readJob(ctx.getUserName(), jobName);
MJob job = repository.findJob(jobName);
jobBean = createJobBean(Arrays.asList(job), locale);
}
return jobBean;
@ -351,9 +354,10 @@ private JsonBean enableJob(RequestContext ctx, boolean enabled) {
String[] elements = ctx.getUrlElements();
String jobIdentifier = elements[elements.length - 2];
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
// Authorization check
AuthorizationEngine.enableDisableJob(ctx.getUserName(), String.valueOf(jobId));
AuthorizationEngine.enableDisableJob(ctx.getUserName(), jobName);
repository.enableJob(jobId, enabled);
return JsonBean.EMPTY_BEAN;
@ -363,9 +367,10 @@ private JsonBean startJob(RequestContext ctx) {
String[] elements = ctx.getUrlElements();
String jobIdentifier = elements[elements.length - 2];
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
// Authorization check
AuthorizationEngine.startJob(ctx.getUserName(), String.valueOf(jobId));
AuthorizationEngine.startJob(ctx.getUserName(), jobName);
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "submit", "job", String.valueOf(jobId));
@ -388,9 +393,10 @@ private JsonBean stopJob(RequestContext ctx) {
String[] elements = ctx.getUrlElements();
String jobIdentifier = elements[elements.length - 2];
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
// Authorization check
AuthorizationEngine.stopJob(ctx.getUserName(), String.valueOf(jobId));
AuthorizationEngine.stopJob(ctx.getUserName(), jobName);
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "stop", "job", String.valueOf(jobId));
@ -402,9 +408,10 @@ private JsonBean getJobStatus(RequestContext ctx) {
String[] elements = ctx.getUrlElements();
String jobIdentifier = elements[elements.length - 2];
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
// Authorization check
AuthorizationEngine.statusJob(ctx.getUserName(), String.valueOf(jobId));
AuthorizationEngine.statusJob(ctx.getUserName(), jobName);
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "status", "job", String.valueOf(jobId));

18
server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java
View File

@ -94,15 +94,16 @@ private JsonBean deleteLink(RequestContext ctx) {
String linkIdentifier = ctx.getLastURLElement();
// support linkName or linkId for the api
long linkId = HandlerUtils.getLinkIdFromIdentifier(linkIdentifier);
String linkName = HandlerUtils.getLinkNameFromIdentifier(linkIdentifier);
// Authorization check
AuthorizationEngine.deleteLink(ctx.getUserName(), String.valueOf(linkId));
AuthorizationEngine.deleteLink(ctx.getUserName(), linkName);
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "delete", "link", linkIdentifier);
repository.deleteLink(linkId);
MResource resource = new MResource(String.valueOf(linkId), MResource.TYPE.LINK);
MResource resource = new MResource(linkName, MResource.TYPE.LINK);
AuthorizationManager.getInstance().getAuthorizationHandler().removeResource(resource);
return JsonBean.EMPTY_BEAN;
}
@ -138,10 +139,12 @@ private JsonBean createUpdateLink(RequestContext ctx, boolean create) {
// Authorization check
if (create) {
AuthorizationEngine.createLink(ctx.getUserName(), String.valueOf(postedLink.getConnectorId()));
AuthorizationEngine.createLink(ctx.getUserName(),
HandlerUtils.getConnectorNameFromIdentifier(String.valueOf(postedLink.getConnectorId())));
} else {
AuthorizationEngine.updateLink(ctx.getUserName(), String.valueOf(postedLink.getConnectorId()),
String.valueOf(postedLink.getPersistenceId()));
AuthorizationEngine.updateLink(ctx.getUserName(),
HandlerUtils.getConnectorNameFromIdentifier(String.valueOf(postedLink.getConnectorId())),
HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedLink.getPersistenceId())));
}
MLinkConfig linkConfig = ConnectorManager.getInstance()
@ -238,7 +241,7 @@ private JsonBean getLinks(RequestContext ctx) {
MLink link = repository.findLink(linkId);
// Authorization check
AuthorizationEngine.readLink(ctx.getUserName(), String.valueOf(link.getPersistenceId()));
AuthorizationEngine.readLink(ctx.getUserName(), link.getName());
linkBean = createLinkBean(Arrays.asList(link), locale);
}
@ -273,9 +276,10 @@ private JsonBean enableLink(RequestContext ctx, boolean enabled) {
String[] elements = ctx.getUrlElements();
String linkIdentifier = elements[elements.length - 2];
long linkId = HandlerUtils.getLinkIdFromIdentifier(linkIdentifier);
String linkName = HandlerUtils.getLinkNameFromIdentifier(linkIdentifier);
// Authorization check
AuthorizationEngine.enableDisableLink(ctx.getUserName(), String.valueOf(linkId));
AuthorizationEngine.enableDisableLink(ctx.getUserName(), linkName);
repository.enableLink(linkId, enabled);
return JsonBean.EMPTY_BEAN;

12
server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java
View File

@ -55,8 +55,7 @@ public JsonBean handleEvent(RequestContext ctx) {
String jobIdentifier = ctx.getParameterValue(JOB_NAME_QUERY_PARAM);
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
ctx.getRequest().getRemoteAddr(), "get", "submissionsByJob", jobIdentifier);
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
return getSubmissionsForJob(jobId, ctx);
return getSubmissionsForJob(jobIdentifier, ctx);
} else {
// all submissions in the system
AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
@ -75,12 +74,15 @@ private JsonBean getSubmissions(RequestContext ctx) {
return new SubmissionsBean(submissions);
}
private JsonBean getSubmissionsForJob(long jid, RequestContext ctx) {
private JsonBean getSubmissionsForJob(String jobIdentifier, RequestContext ctx) {
long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
//Authorization check
AuthorizationEngine.statusJob(ctx.getUserName(), String.valueOf(jid));
AuthorizationEngine.statusJob(ctx.getUserName(), jobName);
List<MSubmission> submissions = RepositoryManager.getInstance().getRepository()
.findSubmissionsForJob(jid);
.findSubmissionsForJob(jobId);
return new SubmissionsBean(submissions);
}