mirror of https://github.com/apache/sqoop.git synced 2025-05-09 03:59:46 +08:00

SQOOP-1981: Sqoop2: Default implementation of RBAC in Sqoop

(Richard Zhou via Abraham Elmahrek)
Abraham Elmahrek 2015-01-27 19:01:37 -08:00
parent 2b4db8023e
commit d7ba495af7
11 changed files with 984 additions and 46 deletions


@ -0,0 +1,80 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.model;
/**
* Model describing entire principal object which used in principal based authorization controller
*/
public class MPrincipal {
private final String id;
private final String name;
/**
* Currently, the type supports user, group and role.
*/
private final String type;
/**
* Default constructor to build new MPrincipal model.
*
* @param id Principal id
* @param name Principal name
* @param type Principal type
*/
public MPrincipal(String id,
String name,
String type) {
this.id = id;
this.name = name;
this.type = type;
}
/**
* Constructor to build new MPrincipal model.
*
* @param name Principal name
* @param type Principal type
*/
public MPrincipal(String name,
String type) {
this(null, name, type);
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder("Principal (");
sb.append("Principal id: ").append(this.id);
sb.append(", Principal name: ").append(this.name);
sb.append(", Principal type: ").append(this.type);
sb.append(" )");
return sb.toString();
}
public String getId() {
return id;
}
public String getName() {
return name;
}
public String getType() {
return type;
}
}
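Review bot: The `type` field is documented as supporting only user, group and role, but the three-argument constructor stores whatever string it receives, so a misspelled or differently cased type yields a principal that an implementation comparing type strings may silently fail to match. For a model that feeds authorization decisions, the constructor should reject anything outside a constant set of the three values (for example by throwing `IllegalArgumentException("Unsupported principal type: " + type)`), or the field should become an enum. The same applies to `type` in MResource and `action` in MPrivilege in this commit. A null `name` is also accepted without complaint, which should be either rejected or documented.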


@ -0,0 +1,112 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.model;
/**
* Model describing entire privilege object which used in privilege based authorization controller
*/
public class MPrivilege {
private final String id;
private final String name;
private final MResource resource;
/**
* Currently, the action supports view, use, create, update, delete and enable_disable.
*/
private final String action;
private final boolean with_grant_option;
/**
* Default constructor to build new MPrivilege model.
*
* @param id Privilege id
* @param name Privilege name
* @param resource Privilege resource
* @param action Privilege action
* @param with_grant_option Privilege with_grant_option
*/
public MPrivilege(String id,
String name,
MResource resource,
String action,
boolean with_grant_option) {
this.id = id;
this.name = name;
this.resource = resource;
this.action = action;
this.with_grant_option = with_grant_option;
}
/**
* Constructor to build new MPrivilege model.
*
* @param name Privilege name
* @param resource Privilege resource
* @param action Privilege action
*/
public MPrivilege(String name,
MResource resource,
String action) {
this(null, name, resource, action, false);
}
/**
* Constructor to build new MPrivilege model.
*
* @param resource Privilege resource
* @param action Privilege action
*/
public MPrivilege(MResource resource,
String action) {
this(null, resource, action);
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder("Privilege (");
sb.append("Privilege id: ").append(this.id);
sb.append(", Privilege name: ").append(this.name);
sb.append(", Privilege resource: ").append(this.getResource().toString());
sb.append(", Privilege action: ").append(this.action);
sb.append(", Privilege with_grant_option: ").append(this.with_grant_option);
sb.append(" )");
return sb.toString();
}
public String getId() {
return id;
}
public String getName() {
return name;
}
public MResource getResource() {
return resource;
}
public String getAction() {
return action;
}
public boolean isWith_grant_option() {
return with_grant_option;
}
}
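Review bot: toString() dereferences the resource with `this.getResource().toString()` while every constructor accepts a null resource, so printing such a privilege throws NullPointerException; `sb.append(", Privilege resource: ").append(this.resource);` prints "null" instead and is otherwise identical. This matters because DefaultAuthorizationAccessController in this commit calls privilege.toString() inside its debug logging. The names `with_grant_option` and `isWith_grant_option()` also break Java naming conventions (`withGrantOption` / `isWithGrantOption()`), and the field deserves a Javadoc line saying that it lets the holder grant the privilege onward, if that is the intent.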


@ -0,0 +1,80 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.model;
/**
* Model describing entire resource object which used in resource based authorization controller
*/
public class MResource {
private final String id;
private final String name;
/**
* Currently, the type supports connector, link, job and submission.
*/
private final String type;
/**
* Default constructor to build new MResource model.
*
* @param id Resource id
* @param name Resource name
* @param type Resource type
*/
public MResource(String id,
String name,
String type) {
this.id = id;
this.name = name;
this.type = type;
}
/**
* Constructor to build new MResource model.
*
* @param name Resource name
* @param type Resource type
*/
public MResource(String name,
String type) {
this(null, name, type);
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder("Resource (");
sb.append("Resource id: ").append(this.id);
sb.append(", Resource name: ").append(this.name);
sb.append(", Resource type: ").append(this.type);
sb.append(" )");
return sb.toString();
}
public String getId() {
return id;
}
public String getName() {
return name;
}
public String getType() {
return type;
}
}
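Review bot: MResource defines no equals() or hashCode(), so two instances built for the same name and type compare by identity only. The controller API added in this commit passes these objects as lookup keys (`getPrivilegesByResource(MResource)`, `removeResource(MResource)`), and an implementation that relies on List.contains or a HashMap will presumably miss a match it should find. I would add value-based equals/hashCode over name and type (and id when it is set). MPrincipal, MRole and MPrivilege in this commit have the same gap.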


@ -0,0 +1,66 @@
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sqoop.model;
/**
* Model describing entire role object which used in role based authorization controller
*/
public class MRole {
private final String id;
private final String name;
/**
* Default constructor to build new MRole model.
*
* @param id Role id
* @param name Role name
*/
public MRole(String id,
String name) {
this.id = id;
this.name = name;
}
/**
* Constructor to build new MRole model.
*
* @param name Role name
*/
public MRole(String name) {
this(null, name);
}
@Override
public String toString() {
StringBuilder sb = new StringBuilder("Role (");
sb.append("Role id: ").append(this.id);
sb.append(", Role name: ").append(this.name);
sb.append(" )");
return sb.toString();
}
public String getId() {
return id;
}
public String getName() {
return name;
}
}


@ -17,12 +17,100 @@
*/
package org.apache.sqoop.security;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MRole;
import java.util.List;
/***
* AuthorizationAccessController is responsible for managing access rule and principal.
*/
public abstract class AuthorizationAccessController {
private static final Logger LOG = Logger.getLogger(AuthorizationAccessController.class);
/**
* Role related function
*/
public abstract List<MRole> getAllRoles() throws SqoopException;
public abstract MRole getRole(String name) throws SqoopException;
public abstract List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException;
public abstract List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException;
public abstract void createRole(String name) throws SqoopException;
public abstract void updateRole(String old_name, String new_name) throws SqoopException;
public abstract void removeRole(String name) throws SqoopException;
/**
* Principal related function
*/
public abstract List<MPrincipal> getAllPrincipals() throws SqoopException;
public abstract List<MPrincipal> getPrincipalsByName(String name) throws SqoopException;
public abstract List<MPrincipal> getPrincipalsByType(String type) throws SqoopException;
public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException;
public abstract List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException;
public abstract void createPrincipal(String name, String type) throws SqoopException;
public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException;
public abstract void removePrincipalsByName(String name) throws SqoopException;
public abstract void removePrincipalsByType(String type) throws SqoopException;
public abstract void removePrincipal(MPrincipal principal) throws SqoopException;
public abstract void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
public abstract void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
/**
* Resource related function
*/
public abstract List<MResource> getAllResources() throws SqoopException;
public abstract List<MResource> getResourcesByType(String type) throws SqoopException;
public abstract MResource getResource(String name, String type) throws SqoopException;
public abstract void createResource(String name, String type) throws SqoopException;
public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException;
public abstract void removeResourcesByType(String type) throws SqoopException;
public abstract void removeResource(MResource resource) throws SqoopException;
/**
* Privilege related function
*/
public abstract List<MPrivilege> getAllPrivileges() throws SqoopException;
public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException;
public abstract List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException;
public abstract List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException;
public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException;
public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException;
public abstract void removePrivilege(String name) throws SqoopException;
public abstract void removePrivilegesByResource(MResource resource) throws SqoopException;
public abstract void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
public abstract void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
}
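Review bot: `grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges)` and `grantRole` take no parameter for the principal performing the grant, so an implementation of this class cannot check that the grantor itself holds the privilege with `with_grant_option` set, unless the acting user reaches it by some route not visible here. Either add the acting principal to the grant and revoke signatures, or state in the Javadoc that the caller has already authorized the operation. The abstract methods have only the four section comments and no per-method Javadoc; the contract should at least say whether the list getters may return null and what a thrown SqoopException means. `LOG` is declared but unused in the visible lines.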


@ -18,31 +18,104 @@
package org.apache.sqoop.security;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MRole;
import java.util.List;
/***
* AuthorizationHandler is responsible for controlling role based access.
*/
public abstract class AuthorizationHandler {
private static final Logger LOG = Logger.getLogger(AuthorizationHandler.class);
public abstract void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException;
protected AuthorizationAccessController authorizationAccessController;
/**
* Role related function
*/
public abstract List<MRole> getAllRoles() throws SqoopException;
protected AuthorizationValidator authorizationValidator;
public abstract MRole getRole(String name) throws SqoopException;
public AuthorizationValidator getAuthorizationValidator() {
return authorizationValidator;
}
public abstract List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException;
public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) {
this.authorizationValidator = authorizationValidator;
}
public abstract List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException;
public AuthorizationAccessController getAuthorizationAccessController() {
return authorizationAccessController;
}
public abstract void createRole(String name) throws SqoopException;
public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) {
this.authorizationAccessController = authorizationAccessController;
}
public abstract void updateRole(String old_name, String new_name) throws SqoopException;
public abstract void removeRole(String name) throws SqoopException;
/**
* Principal related function
*/
public abstract List<MPrincipal> getAllPrincipals() throws SqoopException;
public abstract List<MPrincipal> getPrincipalsByName(String name) throws SqoopException;
public abstract List<MPrincipal> getPrincipalsByType(String type) throws SqoopException;
public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException;
public abstract List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException;
public abstract void createPrincipal(String name, String type) throws SqoopException;
public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException;
public abstract void removePrincipalsByName(String name) throws SqoopException;
public abstract void removePrincipalsByType(String type) throws SqoopException;
public abstract void removePrincipal(MPrincipal principal) throws SqoopException;
public abstract void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
public abstract void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
/**
* Resource related function
*/
public abstract List<MResource> getAllResources() throws SqoopException;
public abstract List<MResource> getResourcesByType(String type) throws SqoopException;
public abstract MResource getResource(String name, String type) throws SqoopException;
public abstract void createResource(String name, String type) throws SqoopException;
public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException;
public abstract void removeResourcesByType(String type) throws SqoopException;
public abstract void removeResource(MResource resource) throws SqoopException;
/**
* Privilege related function
*/
public abstract List<MPrivilege> getAllPrivileges() throws SqoopException;
public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException;
public abstract List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException;
public abstract List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException;
public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException;
public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException;
public abstract void removePrivilege(String name) throws SqoopException;
public abstract void removePrivilegesByResource(MResource resource) throws SqoopException;
public abstract void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
public abstract void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
public abstract void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException;
}
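Review bot: `checkPrivileges` is declared alongside the mutating calls (`createRole`, `removePrincipal`, `grantRole`, `grantPrivileges` and the rest) with nothing saying who must run the check before they execute. A class-level Javadoc sentence should settle it one way or the other, for example `Management methods do not authorize the caller; callers must invoke checkPrivileges first.`, or the reverse if handlers are expected to enforce it themselves. The class also repeats the whole AuthorizationAccessController method list, so adding one operation means touching the controller, the handler and each implementation; a short comment explaining why the handler does not simply expose its controller would help future maintainers. Old and new lines are interleaved in this rendering, so this note covers the abstract method list only.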


@ -34,16 +34,6 @@ public class AuthorizationManager implements Reconfigurable {
*/
public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler";
/**
* Default authorization access controller
*/
public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController";
/**
* Default authorization validator
*/
public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator";
/**
* Default authorization auto upgrade option value
*/
@ -98,24 +88,12 @@ public static AuthorizationHandler getAuthorizationHandler() {
public synchronized void initialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
LOG.trace("Begin authorization manager initialization");
MapContext mapContext = SqoopConfiguration.getInstance().getContext();
String handler = mapContext.getString(SecurityConstants.AUTHORIZATION_HANDLER,
DEFAULT_AUTHORIZATION_HANDLER).trim();
String handler = SqoopConfiguration.getInstance().getContext().getString(
SecurityConstants.AUTHORIZATION_HANDLER,
DEFAULT_AUTHORIZATION_HANDLER).trim();
authorizationHandler = SecurityFactory.getAuthorizationHandler(handler);
String accessController = mapContext.getString(
SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim();
AuthorizationAccessController authorizationAccessController =
SecurityFactory.getAuthorizationAccessController(accessController);
authorizationHandler.setAuthorizationAccessController(authorizationAccessController);
String validator = mapContext.getString(SecurityConstants.AUTHORIZATION_VALIDATOR,
DEFAULT_AUTHORIZATION_VALIDATOR).trim();
AuthorizationValidator authorizationValidator =
SecurityFactory.getAuthorizationValidator(validator);
authorizationHandler.setAuthorizationValidator(authorizationValidator);
authorizationHandler.doInitialize();
LOG.info("Authorization loaded.");
}
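Review bot: In initialize() the static `authorizationHandler` is assigned before `doInitialize()` runs, so if doInitialize() throws one of its declared exceptions, the static getAuthorizationHandler() keeps returning a handler that may be only partly set up. Build into a local and publish last: `AuthorizationHandler h = SecurityFactory.getAuthorizationHandler(handler);`, `h.doInitialize();`, `authorizationHandler = h;`. Because the class name comes from configuration, including it in the existing `LOG.info("Authorization loaded.")` message would also record which implementation is enforcing access.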


@ -17,13 +17,17 @@
*/
package org.apache.sqoop.security;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import java.util.List;
/***
* AuthorizationHandler is responsible for checking access.
*/
public abstract class AuthorizationValidator {
private static final Logger LOG = Logger.getLogger(AuthorizationValidator.class);
public abstract void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException;
}
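Review bot: `checkPrivileges` returns void, so the only way to report a denial is to throw SqoopException, and that contract is not written down anywhere in the class. Add method Javadoc along the lines of `@throws SqoopException if the principal does not hold every privilege in the list`, and say what an implementation must do with a null principal or an empty list so that implementers do not default to allowing. The class comment still reads "AuthorizationHandler is responsible for checking access" although the class is AuthorizationValidator, and `LOG` is unused in the visible lines.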


@ -18,9 +18,241 @@
package org.apache.sqoop.security.Authorization;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MRole;
import org.apache.sqoop.security.AuthorizationAccessController;
import java.security.Principal;
import java.util.List;
public class DefaultAuthorizationAccessController extends AuthorizationAccessController {
private static final Logger LOG = Logger.getLogger(DefaultAuthorizationAccessController.class);
/**
* Role related function
*/
public List<MRole> getAllRoles() throws SqoopException {
LOG.debug("Get all roles in default authorization access controller: return null");
return null;
}
public MRole getRole(String name) throws SqoopException {
LOG.debug("Get role in default authorization access controller: return null");
LOG.debug("name: " + name);
return null;
}
public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException {
LOG.debug("Get roles by principal in default authorization access controller: return null");
LOG.debug("principal: " + principal.toString());
return null;
}
public List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException {
LOG.debug("Get roles by privilege in default authorization access controller: return null");
LOG.debug("privilege: " + privilege.toString());
return null;
}
public void createRole(String name) throws SqoopException {
LOG.debug("Create role in default authorization access controller: empty function");
LOG.debug("name: " + name);
}
public void updateRole(String old_name, String new_name) throws SqoopException {
LOG.debug("Update role in default authorization access controller: empty function");
LOG.debug("old name: " + old_name + ", new name: " + new_name);
}
public void removeRole(String name) throws SqoopException {
LOG.debug("Remove role in default authorization access controller: empty function");
LOG.debug("name: " + name);
}
/**
* Principal related function
*/
public List<MPrincipal> getAllPrincipals() throws SqoopException {
LOG.debug("Get all principals in default authorization access controller: return null");
return null;
}
public List<MPrincipal> getPrincipalsByName(String name) throws SqoopException {
LOG.debug("Get principals by name in default authorization access controller: return null");
LOG.debug("name: " + name);
return null;
}
public List<MPrincipal> getPrincipalsByType(String type) throws SqoopException {
LOG.debug("Get principals by type in default authorization access controller: return null");
LOG.debug("type: " + type);
return null;
}
public MPrincipal getPrincipal(String name, String type) throws SqoopException {
LOG.debug("Get principal in default authorization access controller: return null");
LOG.debug("name: " + name + ", type: " + type);
return null;
}
public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException {
LOG.debug("Get principals by role in default authorization access controller: return null");
LOG.debug("role: " + role.toString());
return null;
}
public void createPrincipal(String name, String type) throws SqoopException {
LOG.debug("Create principal in default authorization access controller: empty function");
LOG.debug("name: " + name + ", type: " + type);
}
public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException {
LOG.debug("Update principal in default authorization access controller: empty function");
LOG.debug("old principal: " + old_principal + ", new principal: " + new_principal);
}
public void removePrincipalsByName(String name) throws SqoopException {
LOG.debug("Remove principals by name in default authorization access controller: empty function");
LOG.debug("name: " + name);
}
public void removePrincipalsByType(String type) throws SqoopException {
LOG.debug("Remove principals by type in default authorization access controller: empty function");
LOG.debug("type: " + type);
}
public void removePrincipal(MPrincipal principal) throws SqoopException {
LOG.debug("Remove principal in default authorization access controller: empty function");
LOG.debug("principal: " + principal.toString());
}
public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
LOG.debug("Grant role in default authorization access controller: empty function");
for (MPrincipal principal : principals) {
LOG.debug("principal: " + principal.toString());
}
for (MRole role : roles) {
LOG.debug("role: " + role.toString());
}
}
public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
LOG.debug("Revoke role in default authorization access controller: empty function");
for (MPrincipal principal : principals) {
LOG.debug("principal: " + principal.toString());
}
for (MRole role : roles) {
LOG.debug("role: " + role.toString());
}
}
/**
* Resource related function
*/
public List<MResource> getAllResources() throws SqoopException {
LOG.debug("Get all resources in default authorization access controller: return null");
return null;
}
public List<MResource> getResourcesByType(String type) throws SqoopException {
LOG.debug("Get resources by type in default authorization access controller: return null");
LOG.debug("type: " + type);
return null;
}
public MResource getResource(String name, String type) throws SqoopException {
LOG.debug("Get resource in default authorization access controller: return null");
LOG.debug("name: " + name + ", type: " + type);
return null;
}
public void createResource(String name, String type) throws SqoopException {
LOG.debug("Create resource in default authorization access controller: empty function");
LOG.debug("name: " + name + ", type: " + type);
}
public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException {
LOG.debug("Update resource in default authorization access controller: empty function");
LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource);
}
public void removeResourcesByType(String type) throws SqoopException {
LOG.debug("Remove resource by type in default authorization access controller: empty function");
LOG.debug("type: " + type);
}
public void removeResource(MResource resource) throws SqoopException {
LOG.debug("Remove resource in default authorization access controller: empty function");
LOG.debug("resource: " + resource.toString());
}
/**
* Privilege related function
*/
public List<MPrivilege> getAllPrivileges() throws SqoopException {
LOG.debug("Get all privileges in default authorization access controller: return null");
return null;
}
public MPrivilege getPrivilegeByName(String name) throws SqoopException {
LOG.debug("Get privileges by name in default authorization access controller: return null");
LOG.debug("name: " + name);
return null;
}
public List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException {
LOG.debug("Get privileges by resource in default authorization access controller: return null");
LOG.debug("resource: " + resource.toString());
return null;
}
public List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException {
LOG.debug("Get privileges by role in default authorization access controller: return null");
LOG.debug("role: " + role.toString());
return null;
}
public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException {
LOG.debug("Create privilege in default authorization access controller: empty function");
LOG.debug("name: " + name + ", resource: " + resource.toString() + ", action: " + action + ", with grant option: " + with_grant_option);
}
public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException {
LOG.debug("Update privilege in default authorization access controller: empty function");
LOG.debug("old_privilege: " + old_privilege + ", new_privilege: " + new_privilege);
}
public void removePrivilege(String name) throws SqoopException {
LOG.debug("Remove privilege in default authorization access controller: empty function");
LOG.debug("name: " + name);
}
public void removePrivilegesByResource(MResource resource) throws SqoopException {
LOG.debug("Remove privileges by resource in default authorization access controller: empty function");
LOG.debug("resource: " + resource.toString());
}
public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
LOG.debug("Grant privileges in default authorization access controller: empty function");
for (MPrincipal principal : principals) {
LOG.debug("principal: " + principal.toString());
}
for (MPrivilege privilege : privileges) {
LOG.debug("privilege: " + privilege.toString());
}
}
public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
LOG.debug("Revoke privileges in default authorization access controller: empty function");
for (MPrincipal principal : principals) {
LOG.debug("principal: " + principal.toString());
}
for (MPrivilege privilege : privileges) {
LOG.debug("privilege: " + privilege.toString());
}
}
}
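Review bot: The list getters here (getAllRoles, getRolesByPrincipal, getAllPrincipals, getPrivilegesByRole and the others) return null although their signatures promise a List, so any caller that iterates the result hits a NullPointerException under the default configuration; `return Collections.emptyList();` (with the java.util.Collections import) keeps the no-op semantics without that trap. Debug lines such as `LOG.debug("principal: " + principal.toString());` throw the same way on a null argument, whereas `"principal: " + principal` would not. Separately, revokeRole, revokePrivileges and the remove methods return normally without doing anything, so a caller cannot tell a completed revocation from a no-op; a class Javadoc stating that this implementation stores nothing and changes no grants would make that explicit. The import of java.security.Principal appears unused in the visible lines, and the overriding methods carry no `@Override`.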


@ -18,9 +18,221 @@
package org.apache.sqoop.security.Authorization;
import org.apache.log4j.Logger;
import org.apache.sqoop.security.AuthorizationHandler;
import org.apache.sqoop.common.MapContext;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.core.SqoopConfiguration;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.model.MResource;
import org.apache.sqoop.model.MRole;
import org.apache.sqoop.security.*;
import java.util.List;
public class DefaultAuthorizationHandler extends AuthorizationHandler {
/**
* Default authorization access controller
*/
public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController";
/**
* Default authorization validator
*/
public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator";
private static final Logger LOG = Logger.getLogger(DefaultAuthorizationHandler.class);
protected AuthorizationAccessController authorizationAccessController;
protected AuthorizationValidator authorizationValidator;
public AuthorizationValidator getAuthorizationValidator() {
return authorizationValidator;
}
public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) {
this.authorizationValidator = authorizationValidator;
}
public AuthorizationAccessController getAuthorizationAccessController() {
return authorizationAccessController;
}
public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) {
this.authorizationAccessController = authorizationAccessController;
}
public void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
MapContext mapContext = SqoopConfiguration.getInstance().getContext();
String accessController = mapContext.getString(
SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim();
this.authorizationAccessController = SecurityFactory.getAuthorizationAccessController(accessController);
String validator = mapContext.getString(
SecurityConstants.AUTHORIZATION_VALIDATOR,
DEFAULT_AUTHORIZATION_VALIDATOR).trim();
this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator);
}
/**
* Role related function
*/
public List<MRole> getAllRoles() throws SqoopException {
return this.authorizationAccessController.getAllRoles();
}
public MRole getRole(String name) throws SqoopException {
return this.authorizationAccessController.getRole(name);
}
public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException {
return this.authorizationAccessController.getRolesByPrincipal(principal);
}
public List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException {
return this.authorizationAccessController.getRolesByPrivilege(privilege);
}
public void createRole(String name) throws SqoopException {
this.authorizationAccessController.createRole(name);
}
public void updateRole(String old_name, String new_name) throws SqoopException {
this.authorizationAccessController.updateRole(old_name, new_name);
}
public void removeRole(String name) throws SqoopException {
this.authorizationAccessController.removeRole(name);
}
/**
* Principal related function
*/
public List<MPrincipal> getAllPrincipals() throws SqoopException {
return this.authorizationAccessController.getAllPrincipals();
}
public List<MPrincipal> getPrincipalsByName(String name) throws SqoopException {
return this.authorizationAccessController.getPrincipalsByName(name);
}
public List<MPrincipal> getPrincipalsByType(String type) throws SqoopException {
return this.authorizationAccessController.getPrincipalsByType(type);
}
public MPrincipal getPrincipal(String name, String type) throws SqoopException {
return this.authorizationAccessController.getPrincipal(name, type);
}
public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException {
return this.authorizationAccessController.getPrincipalsByRole(role);
}
public void createPrincipal(String name, String type) throws SqoopException {
this.authorizationAccessController.createPrincipal(name, type);
}
public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException {
this.authorizationAccessController.updatePrincipal(old_principal, new_principal);
}
public void removePrincipalsByName(String name) throws SqoopException {
this.authorizationAccessController.removePrincipalsByName(name);
}
public void removePrincipalsByType(String type) throws SqoopException {
this.authorizationAccessController.removePrincipalsByType(type);
}
public void removePrincipal(MPrincipal principal) throws SqoopException {
this.authorizationAccessController.removePrincipal(principal);
}
public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
this.authorizationAccessController.grantRole(principals, roles);
}
public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
this.authorizationAccessController.revokeRole(principals, roles);
}
/**
* Resource related function
*/
public List<MResource> getAllResources() throws SqoopException {
return this.authorizationAccessController.getAllResources();
}
public List<MResource> getResourcesByType(String type) throws SqoopException {
return this.authorizationAccessController.getResourcesByType(type);
}
public MResource getResource(String name, String type) throws SqoopException {
return this.authorizationAccessController.getResource(name, type);
}
public void createResource(String name, String type) throws SqoopException {
this.authorizationAccessController.createResource(name, type);
}
public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException {
this.authorizationAccessController.updateResource(old_resource, new_resource);
}
public void removeResourcesByType(String type) throws SqoopException {
this.authorizationAccessController.removeResourcesByType(type);
}
public void removeResource(MResource resource) throws SqoopException {
this.authorizationAccessController.removeResource(resource);
}
/**
* Privilege related function
*/
public List<MPrivilege> getAllPrivileges() throws SqoopException {
return this.authorizationAccessController.getAllPrivileges();
}
public MPrivilege getPrivilegeByName(String name) throws SqoopException {
return this.authorizationAccessController.getPrivilegeByName(name);
}
public List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException {
return this.authorizationAccessController.getPrivilegesByResource(resource);
}
public List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException {
return this.authorizationAccessController.getPrivilegesByRole(role);
}
public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException {
this.authorizationAccessController.createPrivilege(name, resource, action, with_grant_option);
}
public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException {
this.authorizationAccessController.updatePrivilege(old_privilege, new_privilege);
}
public void removePrivilege(String name) throws SqoopException {
this.authorizationAccessController.removePrivilege(name);
}
public void removePrivilegesByResource(MResource resource) throws SqoopException {
this.authorizationAccessController.removePrivilegesByResource(resource);
}
public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
this.authorizationAccessController.grantPrivileges(principals, privileges);
}
public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
this.authorizationAccessController.revokePrivileges(principals, privileges);
}
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
this.authorizationValidator.checkPrivileges(principal, privileges);
}
}


@ -18,9 +18,22 @@
package org.apache.sqoop.security.Authorization;
import org.apache.log4j.Logger;
import org.apache.sqoop.common.SqoopException;
import org.apache.sqoop.model.MPrincipal;
import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.security.AuthorizationValidator;
import java.util.List;
public class DefaultAuthorizationValidator extends AuthorizationValidator {
private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class);
public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
LOG.debug("Check privilege in default authorization validator: always valid");
LOG.debug("principal: " + principal.toString());
for (MPrivilege privilege : privileges) {
LOG.debug("privilege: " + privilege.toString());
}
}
}
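Review bot: `checkPrivileges` in DefaultAuthorizationValidator returns normally for every principal and privilege list, so while `DEFAULT_AUTHORIZATION_VALIDATOR` is the configured fallback no request is ever denied, and the only trace is a debug-level message. That permissive behaviour should be stated where operators and implementers will see it, with a class Javadoc such as `/** Permissive default: performs no enforcement; every privilege check succeeds. */` and a one-time `LOG.warn` when this validator is instantiated. The logging also dereferences `principal` and `privileges` without a null check, so a null argument turns an always-allow check into a NullPointerException; `LOG.debug("principal: " + principal);` removes the first dereference. Wrapping the loop in `if (LOG.isDebugEnabled())` would avoid building the strings on every authorization check when debug is off. Assuming `AuthorizationValidator` declares this method, it should also carry `@Override`.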