SQOOP-2537: Sqoop2: Use object name instead of object id for the name filed in MResource

(Dian Fu via Jarek Jarcec Cecho)

security/src/main/java/org/apache/sqoop/security/authorization/AuthorizationEngine.java

@@ -20,10 +20,6 @@
 import com.beust.jcommander.internal.Lists;
 import com.google.common.base.Predicate;
 import com.google.common.collect.Collections2;
-import org.apache.commons.lang.StringUtils;
-import org.apache.hadoop.security.UserGroupInformation;
-import org.apache.hadoop.security.token.delegation.web.HttpUserGroupInformation;
-import org.apache.log4j.Logger;
 import org.apache.sqoop.common.SqoopException;
 import org.apache.sqoop.model.*;
 import org.apache.sqoop.repository.Repository;
@@ -37,7 +33,20 @@
 
 public class AuthorizationEngine {
 
-  private static final Logger LOG = Logger.getLogger(AuthorizationEngine.class);
+  private static String getResourceName(MResource.TYPE resourceType, long resourceId) {
+    Repository repository = RepositoryManager.getInstance().getRepository();
+
+    switch (resourceType) {
+    case CONNECTOR:
+      return repository.findConnector(resourceId).getUniqueName();
+    case LINK:
+      return repository.findLink(resourceId).getName();
+    case JOB:
+      return repository.findJob(resourceId).getName();
+    }
+
+    return null;
+  }
 
   /**
    * Filter resources, get all valid resources from all resources
@@ -47,7 +56,7 @@ public static <T extends MPersistableEntity> List<T> filterResource(final String
       @Override
       public boolean apply(T input) {
         try {
-          String name = String.valueOf(input.getPersistenceId());
+          String name = getResourceName(type, input.getPersistenceId());
           checkPrivilege(doUserName, getPrivilege(type, name, MPrivilege.ACTION.READ));
           // add valid resource
           return true;
@@ -63,74 +72,73 @@ public boolean apply(T input) {
   /**
    * Connector related function
    */
-  public static void readConnector(String doUserName, String connectorId) throws SqoopException {
+  public static void readConnector(String doUserName, String connectorName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorName, MPrivilege.ACTION.READ));
   }
 
   /**
    * Link related function
    */
-  public static void readLink(String doUserName, String linkId) throws SqoopException {
+  public static void readLink(String doUserName, String linkName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.READ));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.READ));
   }
 
-  public static void createLink(String doUserName, String connectorId) throws SqoopException {
+  public static void createLink(String doUserName, String connectorName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.CONNECTOR, connectorName, MPrivilege.ACTION.READ));
   }
 
-  public static void updateLink(String doUserName, String connectorId, String linkId) throws SqoopException {
+  public static void updateLink(String doUserName, String connectorName, String linkName) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorId, MPrivilege.ACTION.READ);
+    MPrivilege privilege1 = getPrivilege(MResource.TYPE.CONNECTOR, connectorName, MPrivilege.ACTION.READ);
-    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE);
+    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.WRITE);
     checkPrivilege(doUserName, privilege1, privilege2);
   }
 
-  public static void deleteLink(String doUserName, String linkId) throws SqoopException {
+  public static void deleteLink(String doUserName, String linkName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.WRITE));
   }
 
-  public static void enableDisableLink(String doUserName, String linkId) throws SqoopException {
+  public static void enableDisableLink(String doUserName, String linkName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkId, MPrivilege.ACTION.WRITE));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.LINK, linkName, MPrivilege.ACTION.WRITE));
   }
 
   /**
    * Job related function
    */
-  public static void readJob(String doUserName, String jobId) throws SqoopException {
+  public static void readJob(String doUserName, String jobName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.READ));
   }
 
-  public static void createJob(String doUserName, String linkId1, String linkId2) throws SqoopException {
+  public static void createJob(String doUserName, String linkName1, String linkName2) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ);
+    MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkName1, MPrivilege.ACTION.READ);
-    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ);
+    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkName2, MPrivilege.ACTION.READ);
     checkPrivilege(doUserName, privilege1, privilege2);
   }
 
-  public static void updateJob(String doUserName, String linkId1, String linkId2, String jobId) throws SqoopException {
+  public static void updateJob(String doUserName, String linkName1, String linkName2, String jobName) throws SqoopException {
-    MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkId1, MPrivilege.ACTION.READ);
+    MPrivilege privilege1 = getPrivilege(MResource.TYPE.LINK, linkName1, MPrivilege.ACTION.READ);
-    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkId2, MPrivilege.ACTION.READ);
+    MPrivilege privilege2 = getPrivilege(MResource.TYPE.LINK, linkName2, MPrivilege.ACTION.READ);
-    MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE);
+    MPrivilege privilege3 = getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE);
     checkPrivilege(doUserName, privilege1, privilege2, privilege3);
   }
 
-  public static void deleteJob(String doUserName, String jobId) throws SqoopException {
+  public static void deleteJob(String doUserName, String jobName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
   }
 
-  public static void enableDisableJob(String doUserName, String jobId) throws SqoopException {
+  public static void enableDisableJob(String doUserName, String jobName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
   }
 
-  public static void startJob(String doUserName, String jobId) throws SqoopException {
+  public static void startJob(String doUserName, String jobName) throws SqoopException {
-    ;
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
   }
 
-  public static void stopJob(String doUserName, String jobId) throws SqoopException {
+  public static void stopJob(String doUserName, String jobName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.WRITE));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.WRITE));
   }
 
-  public static void statusJob(String doUserName, String jobId) throws SqoopException {
+  public static void statusJob(String doUserName, String jobName) throws SqoopException {
-    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
+    checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.READ));
   }
 
   /**
@@ -141,8 +149,8 @@ public static List<MSubmission> filterSubmission(final String doUserName, List<M
       @Override
       public boolean apply(MSubmission input) {
         try {
-          String jobId = String.valueOf(input.getJobId());
+          String jobName = getResourceName(MResource.TYPE.JOB, input.getJobId());
-          checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobId, MPrivilege.ACTION.READ));
+          checkPrivilege(doUserName, getPrivilege(MResource.TYPE.JOB, jobName, MPrivilege.ACTION.READ));
           // add valid submission
           return true;
         } catch (RuntimeException e) {
@@ -158,9 +166,9 @@ public boolean apply(MSubmission input) {
    * Help function
    */
   private static MPrivilege getPrivilege(MResource.TYPE resourceType,
-                                         String resourceId,
+                                         String resourceName,
                                          MPrivilege.ACTION privilegeAction) {
-    return new MPrivilege(new MResource(resourceId, resourceType), privilegeAction, false);
+    return new MPrivilege(new MResource(resourceName, resourceType), privilegeAction, false);
   }
 
   private static void checkPrivilege(String doUserName, MPrivilege... privileges) {
@@ -176,12 +184,12 @@ private static void checkPrivilege(String doUserName, MPrivilege... privileges)
     for (MPrivilege privilege : privileges) {
       Repository repository = RepositoryManager.getInstance().getRepository();
       if (MResource.TYPE.LINK.name().equalsIgnoreCase(privilege.getResource().getType())) {
-        MLink link = repository.findLink(Long.parseLong(privilege.getResource().getName()));
+        MLink link = repository.findLink(privilege.getResource().getName());
         if (!doUserName.equals(link.getCreationUser())) {
           privilegesNeedCheck.add(privilege);
         }
       } else if (MResource.TYPE.JOB.name().equalsIgnoreCase(privilege.getResource().getType())) {
-        MJob job = repository.findJob(Long.parseLong(privilege.getResource().getName()));
+        MJob job = repository.findJob(privilege.getResource().getName());
         if (!doUserName.equals(job.getCreationUser())) {
           privilegesNeedCheck.add(privilege);
         }

server/src/main/java/org/apache/sqoop/handler/ConnectorRequestHandler.java

@@ -90,7 +90,7 @@ public JsonBean handleEvent(RequestContext ctx) {
           ctx.getRequest().getRemoteAddr(), "get", "connector", String.valueOf(cIdentifier));
 
       // Authorization check
-      AuthorizationEngine.readConnector(ctx.getUserName(), String.valueOf(connector.getPersistenceId()));
+      AuthorizationEngine.readConnector(ctx.getUserName(), connector.getUniqueName());
 
       return new ConnectorBean(Arrays.asList(connector), configParamBundles);
     }

server/src/main/java/org/apache/sqoop/handler/JobRequestHandler.java

@@ -140,14 +140,15 @@ private JsonBean deleteJob(RequestContext ctx) {
 
     String jobIdentifier = ctx.getLastURLElement();
     long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+    String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
 
     // Authorization check
-    AuthorizationEngine.deleteJob(ctx.getUserName(), String.valueOf(jobId));
+    AuthorizationEngine.deleteJob(ctx.getUserName(), jobName);
 
     AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
         ctx.getRequest().getRemoteAddr(), "delete", "job", jobIdentifier);
     repository.deleteJob(jobId);
-    MResource resource = new MResource(String.valueOf(jobId), MResource.TYPE.JOB);
+    MResource resource = new MResource(jobName, MResource.TYPE.JOB);
     AuthorizationManager.getInstance().getAuthorizationHandler().removeResource(resource);
     return JsonBean.EMPTY_BEAN;
   }
@@ -186,12 +187,14 @@ private JsonBean createUpdateJob(RequestContext ctx, boolean create) {
 
     // Authorization check
     if (create) {
-      AuthorizationEngine.createJob(ctx.getUserName(), String.valueOf(postedJob.getFromLinkId()),
+      AuthorizationEngine.createJob(ctx.getUserName(),
-              String.valueOf(postedJob.getToLinkId()));
+          HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getFromLinkId())),
+          HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getToLinkId())));
     } else {
-      AuthorizationEngine.updateJob(ctx.getUserName(), String.valueOf(postedJob.getFromLinkId()),
+      AuthorizationEngine.updateJob(ctx.getUserName(),
-              String.valueOf(postedJob.getToLinkId()),
+          HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getFromLinkId())),
-              String.valueOf(postedJob.getPersistenceId()));
+          HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedJob.getToLinkId())),
+          HandlerUtils.getJobNameFromIdentifier(String.valueOf(postedJob.getPersistenceId())));
     }
 
     // Verify that user is not trying to spoof us
@@ -306,12 +309,12 @@ private JsonBean getJobs(RequestContext ctx) {
       AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
           ctx.getRequest().getRemoteAddr(), "get", "job", connectorIdentifier);
 
-      long jobId = HandlerUtils.getJobIdFromIdentifier(connectorIdentifier);
+      String jobName = HandlerUtils.getJobNameFromIdentifier(connectorIdentifier);
-      MJob job = repository.findJob(jobId);
 
       // Authorization check
-      AuthorizationEngine.readJob(ctx.getUserName(), String.valueOf(job.getPersistenceId()));
+      AuthorizationEngine.readJob(ctx.getUserName(), jobName);
 
+      MJob job = repository.findJob(jobName);
       jobBean = createJobBean(Arrays.asList(job), locale);
     }
     return jobBean;
@@ -351,9 +354,10 @@ private JsonBean enableJob(RequestContext ctx, boolean enabled) {
     String[] elements = ctx.getUrlElements();
     String jobIdentifier = elements[elements.length - 2];
     long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+    String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
 
     // Authorization check
-    AuthorizationEngine.enableDisableJob(ctx.getUserName(), String.valueOf(jobId));
+    AuthorizationEngine.enableDisableJob(ctx.getUserName(), jobName);
 
     repository.enableJob(jobId, enabled);
     return JsonBean.EMPTY_BEAN;
@@ -363,9 +367,10 @@ private JsonBean startJob(RequestContext ctx) {
     String[] elements = ctx.getUrlElements();
     String jobIdentifier = elements[elements.length - 2];
     long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+    String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
 
     // Authorization check
-    AuthorizationEngine.startJob(ctx.getUserName(), String.valueOf(jobId));
+    AuthorizationEngine.startJob(ctx.getUserName(), jobName);
 
     AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
         ctx.getRequest().getRemoteAddr(), "submit", "job", String.valueOf(jobId));
@@ -388,9 +393,10 @@ private JsonBean stopJob(RequestContext ctx) {
     String[] elements = ctx.getUrlElements();
     String jobIdentifier = elements[elements.length - 2];
     long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+    String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
 
     // Authorization check
-    AuthorizationEngine.stopJob(ctx.getUserName(), String.valueOf(jobId));
+    AuthorizationEngine.stopJob(ctx.getUserName(), jobName);
 
     AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
         ctx.getRequest().getRemoteAddr(), "stop", "job", String.valueOf(jobId));
@@ -402,9 +408,10 @@ private JsonBean getJobStatus(RequestContext ctx) {
     String[] elements = ctx.getUrlElements();
     String jobIdentifier = elements[elements.length - 2];
     long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+    String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
 
     // Authorization check
-    AuthorizationEngine.statusJob(ctx.getUserName(), String.valueOf(jobId));
+    AuthorizationEngine.statusJob(ctx.getUserName(), jobName);
 
     AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
         ctx.getRequest().getRemoteAddr(), "status", "job", String.valueOf(jobId));

server/src/main/java/org/apache/sqoop/handler/LinkRequestHandler.java

@@ -94,15 +94,16 @@ private JsonBean deleteLink(RequestContext ctx) {
     String linkIdentifier = ctx.getLastURLElement();
     // support linkName or linkId for the api
     long linkId = HandlerUtils.getLinkIdFromIdentifier(linkIdentifier);
+    String linkName = HandlerUtils.getLinkNameFromIdentifier(linkIdentifier);
 
     // Authorization check
-    AuthorizationEngine.deleteLink(ctx.getUserName(), String.valueOf(linkId));
+    AuthorizationEngine.deleteLink(ctx.getUserName(), linkName);
 
     AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
         ctx.getRequest().getRemoteAddr(), "delete", "link", linkIdentifier);
 
     repository.deleteLink(linkId);
-    MResource resource = new MResource(String.valueOf(linkId), MResource.TYPE.LINK);
+    MResource resource = new MResource(linkName, MResource.TYPE.LINK);
     AuthorizationManager.getInstance().getAuthorizationHandler().removeResource(resource);
     return JsonBean.EMPTY_BEAN;
   }
@@ -138,10 +139,12 @@ private JsonBean createUpdateLink(RequestContext ctx, boolean create) {
 
     // Authorization check
     if (create) {
-      AuthorizationEngine.createLink(ctx.getUserName(), String.valueOf(postedLink.getConnectorId()));
+      AuthorizationEngine.createLink(ctx.getUserName(),
+          HandlerUtils.getConnectorNameFromIdentifier(String.valueOf(postedLink.getConnectorId())));
     } else {
-      AuthorizationEngine.updateLink(ctx.getUserName(), String.valueOf(postedLink.getConnectorId()),
+      AuthorizationEngine.updateLink(ctx.getUserName(),
-              String.valueOf(postedLink.getPersistenceId()));
+          HandlerUtils.getConnectorNameFromIdentifier(String.valueOf(postedLink.getConnectorId())),
+          HandlerUtils.getLinkNameFromIdentifier(String.valueOf(postedLink.getPersistenceId())));
     }
 
     MLinkConfig linkConfig = ConnectorManager.getInstance()
@@ -238,7 +241,7 @@ private JsonBean getLinks(RequestContext ctx) {
       MLink link = repository.findLink(linkId);
 
       // Authorization check
-      AuthorizationEngine.readLink(ctx.getUserName(), String.valueOf(link.getPersistenceId()));
+      AuthorizationEngine.readLink(ctx.getUserName(), link.getName());
 
       linkBean = createLinkBean(Arrays.asList(link), locale);
     }
@@ -273,9 +276,10 @@ private JsonBean enableLink(RequestContext ctx, boolean enabled) {
     String[] elements = ctx.getUrlElements();
     String linkIdentifier = elements[elements.length - 2];
     long linkId = HandlerUtils.getLinkIdFromIdentifier(linkIdentifier);
+    String linkName = HandlerUtils.getLinkNameFromIdentifier(linkIdentifier);
 
     // Authorization check
-    AuthorizationEngine.enableDisableLink(ctx.getUserName(), String.valueOf(linkId));
+    AuthorizationEngine.enableDisableLink(ctx.getUserName(), linkName);
 
     repository.enableLink(linkId, enabled);
     return JsonBean.EMPTY_BEAN;

server/src/main/java/org/apache/sqoop/handler/SubmissionRequestHandler.java

@@ -55,8 +55,7 @@ public JsonBean handleEvent(RequestContext ctx) {
       String jobIdentifier = ctx.getParameterValue(JOB_NAME_QUERY_PARAM);
       AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
           ctx.getRequest().getRemoteAddr(), "get", "submissionsByJob", jobIdentifier);
-        long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+        return getSubmissionsForJob(jobIdentifier, ctx);
-        return getSubmissionsForJob(jobId, ctx);
     } else {
       // all submissions in the system
       AuditLoggerManager.getInstance().logAuditEvent(ctx.getUserName(),
@@ -75,12 +74,15 @@ private JsonBean getSubmissions(RequestContext ctx) {
     return new SubmissionsBean(submissions);
   }
 
-  private JsonBean getSubmissionsForJob(long jid, RequestContext ctx) {
+  private JsonBean getSubmissionsForJob(String jobIdentifier, RequestContext ctx) {
+    long jobId = HandlerUtils.getJobIdFromIdentifier(jobIdentifier);
+    String jobName = HandlerUtils.getJobNameFromIdentifier(jobIdentifier);
+
     //Authorization check
-    AuthorizationEngine.statusJob(ctx.getUserName(), String.valueOf(jid));
+    AuthorizationEngine.statusJob(ctx.getUserName(), jobName);
 
     List<MSubmission> submissions = RepositoryManager.getInstance().getRepository()
-        .findSubmissionsForJob(jid);
+        .findSubmissionsForJob(jobId);
 
     return new SubmissionsBean(submissions);
   }