SQOOP-2379: Sqoop2: Check whether resource exists before run privilege check

(Dian Fu via Abraham Elmahrek)
2025-05-10 22:13:07 +08:00 · 2015-06-08 15:58:07 +03:00 · 2015-06-08 15:58:07 +03:00 · b8e53c4283
commit b8e53c4283
parent 3e50a3b7ee
2 changed files with 46 additions and 0 deletions
--- a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
+++ b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
@ -215,6 +215,7 @@ public enum CommonRepositoryError implements ErrorCode {
  /** We can't restore specific connector**/
  COMMON_0057("Unable to load specific connector"),

+  COMMON_0058("Resource doesn't exist"),
  ;

  private final String message;
--- a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
+++ b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
@ -20,6 +20,9 @@
 import org.apache.log4j.Logger;
 import org.apache.sqoop.audit.AuditLoggerManager;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.error.code.CommonRepositoryError;
+import org.apache.sqoop.repository.Repository;
+import org.apache.sqoop.repository.RepositoryManager;
 import org.apache.sqoop.server.common.ServerError;
 import org.apache.sqoop.json.*;
 import org.apache.sqoop.model.MPrincipal;
@ -165,6 +168,38 @@ private JsonBean getPrincipal(RequestContext ctx) {
    }
  }

+  private void checkResourceExists(MResource resource) {
+    if (resource == null) {
+      return;
+    }
+
+    Boolean resourceExists = false;
+    Repository repository = RepositoryManager.getInstance().getRepository();
+    MResource.TYPE type = MResource.TYPE.valueOf(resource.getType());
+
+    if (type == MResource.TYPE.CONNECTOR) {
+      if (repository.findConnector(resource.getName()) != null) {
+        resourceExists = true;
+      }
+    } else if (type == MResource.TYPE.LINK) {
+      if (repository.findLink(resource.getName()) != null) {
+        resourceExists = true;
+      }
+    } else if (type == MResource.TYPE.JOB) {
+      if (repository.findJob(resource.getName()) != null) {
+        resourceExists = true;
+      }
+    } else {
+      // For MResource.Type.SERVER, it must exists
+      resourceExists = true;
+    }
+
+    if (!resourceExists) {
+      throw new SqoopException(CommonRepositoryError.COMMON_0058,
+          "Can't find resource " + resource.toString());
+    }
+  }
+
  private JsonBean getPrivilege(RequestContext ctx) {
    AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler();
    AuditLoggerManager manager = AuditLoggerManager.getInstance();
@ -180,6 +215,7 @@ private JsonBean getPrivilege(RequestContext ctx) {
      if (resource_name != null && resource_type != null) {
        resource = new MResource(resource_name, resource_type);
      }
+      checkResourceExists(resource);
      manager.logAuditEvent(ctx.getUserName(),
              ctx.getRequest().getRemoteAddr(), "get", "privileges by principal", principal.toString());
      return new PrivilegesBean(handler.getPrivilegesByPrincipal(principal, resource));
@ -272,6 +308,15 @@ private JsonBean grantRevokePrivilege(RequestContext ctx, boolean isGrant) {
    // Get privilege object
    List<MPrivilege> privileges = privilegesBean == null ? null : privilegesBean.getPrivileges();

+    if (privileges != null) {
+      for (MPrivilege privilege : privileges) {
+        checkResourceExists(privilege.getResource());
+      }
+    } else if (isGrant){
+      throw new SqoopException(CommonRepositoryError.COMMON_0058,
+          "Resource can't be null");
+    }
+
    if (isGrant) {
      manager.logAuditEvent(ctx.getUserName(),
              ctx.getRequest().getRemoteAddr(), "grant", "role", "privilege");