diff --git a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
new file mode 100644
index 00000000..061ffe52
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire principal object which used in principal based authorization controller
+ */
+public class MPrincipal {
+
+ private final String id;
+ private final String name;
+ /**
+ * Currently, the type supports user, group and role.
+ */
+ private final String type;
+
+ /**
+ * Default constructor to build new MPrincipal model.
+ *
+ * @param id Principal id
+ * @param name Principal name
+ * @param type Principal type
+ */
+ public MPrincipal(String id,
+ String name,
+ String type) {
+ this.id = id;
+ this.name = name;
+ this.type = type;
+ }
+
+ /**
+ * Constructor to build new MPrincipal model.
+ *
+ * @param name Principal name
+ * @param type Principal type
+ */
+ public MPrincipal(String name,
+ String type) {
+ this(null, name, type);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Principal (");
+ sb.append("Principal id: ").append(this.id);
+ sb.append(", Principal name: ").append(this.name);
+ sb.append(", Principal type: ").append(this.type);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getType() {
+ return type;
+ }
+}
diff --git a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
new file mode 100644
index 00000000..7d656eca
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
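Review bot: Both constructors store `name` and `type` without any check, so a principal with a null name, or with a type outside the documented set (user, group, role), can be built and handed to the authorization layer. Because `type` is a free-form String, "User" and "user" are different values to any later comparison; consider validating in the three-argument constructor, e.g. `this.name = Objects.requireNonNull(name, "name");`, and restricting or normalising `type` to the documented values. The class also defines no `equals`/`hashCode`, so two MPrincipal objects describing the same user compare by identity, which matters as soon as principals are looked up in a collection. The same points apply to `type` in MResource, `action` in MPrivilege and `name` in MRole.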
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire privilege object which used in privilege based authorization controller
+ */
+public class MPrivilege {
+
+ private final String id;
+ private final String name;
+ private final MResource resource;
+ /**
+ * Currently, the action supports view, use, create, update, delete and enable_disable.
+ */
+ private final String action;
+ private final boolean with_grant_option;
+
+
+ /**
+ * Default constructor to build new MPrivilege model.
+ *
+ * @param id Privilege id
+ * @param name Privilege name
+ * @param resource Privilege resource
+ * @param action Privilege action
+ * @param with_grant_option Privilege with_grant_option
+ */
+ public MPrivilege(String id,
+ String name,
+ MResource resource,
+ String action,
+ boolean with_grant_option) {
+ this.id = id;
+ this.name = name;
+ this.resource = resource;
+ this.action = action;
+ this.with_grant_option = with_grant_option;
+ }
+
+ /**
+ * Constructor to build new MPrivilege model.
+ *
+ * @param name Privilege name
+ * @param resource Privilege resource
+ * @param action Privilege action
+ */
+ public MPrivilege(String name,
+ MResource resource,
+ String action) {
+ this(null, name, resource, action, false);
+ }
+
+ /**
+ * Constructor to build new MPrivilege model.
+ *
+ * @param resource Privilege resource
+ * @param action Privilege action
+ */
+ public MPrivilege(MResource resource,
+ String action) {
+ this(null, resource, action);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Privilege (");
+ sb.append("Privilege id: ").append(this.id);
+ sb.append(", Privilege name: ").append(this.name);
+ sb.append(", Privilege resource: ").append(this.getResource().toString());
+ sb.append(", Privilege action: ").append(this.action);
+ sb.append(", Privilege with_grant_option: ").append(this.with_grant_option);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public MResource getResource() {
+ return resource;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public boolean isWith_grant_option() {
+ return with_grant_option;
+ }
+}
diff --git a/common/src/main/java/org/apache/sqoop/model/MResource.java b/common/src/main/java/org/apache/sqoop/model/MResource.java
new file mode 100644
index 00000000..8e519e5b
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MResource.java
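Review bot: `toString()` dereferences the resource with `this.getResource().toString()`, but every constructor accepts a null `resource`, so printing such a privilege throws a NullPointerException; the debug statements added to DefaultAuthorizationAccessController in this commit call `privilege.toString()` on caller-supplied objects. Appending the field directly, `sb.append(", Privilege resource: ").append(this.resource);`, prints "null" instead of failing. The Javadoc should also say that the two shorter constructors default the grant option to false, since that default decides whether a privilege can be passed on. As a style point, `with_grant_option` and `isWith_grant_option()` break Java naming conventions (`withGrantOption`, `isWithGrantOption()`).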
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire resource object which used in resource based authorization controller
+ */
+public class MResource {
+
+ private final String id;
+ private final String name;
+ /**
+ * Currently, the type supports connector, link, job and submission.
+ */
+ private final String type;
+
+ /**
+ * Default constructor to build new MResource model.
+ *
+ * @param id Resource id
+ * @param name Resource name
+ * @param type Resource type
+ */
+ public MResource(String id,
+ String name,
+ String type) {
+ this.id = id;
+ this.name = name;
+ this.type = type;
+ }
+
+ /**
+ * Constructor to build new MResource model.
+ *
+ * @param name Resource name
+ * @param type Resource type
+ */
+ public MResource(String name,
+ String type) {
+ this(null, name, type);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Resource (");
+ sb.append("Resource id: ").append(this.id);
+ sb.append(", Resource name: ").append(this.name);
+ sb.append(", Resource type: ").append(this.type);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getType() {
+ return type;
+ }
+}
diff --git a/common/src/main/java/org/apache/sqoop/model/MRole.java b/common/src/main/java/org/apache/sqoop/model/MRole.java
new file mode 100644
index 00000000..359fa09b
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MRole.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire role object which used in role based authorization controller
+ */
+public class MRole {
+
+ private final String id;
+ private final String name;
+
+ /**
+ * Default constructor to build new MRole model.
+ *
+ * @param id Role id
+ * @param name Role name
+ */
+ public MRole(String id,
+ String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+ /**
+ * Constructor to build new MRole model.
+ *
+ * @param name Role name
+ */
+ public MRole(String name) {
+ this(null, name);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Role (");
+ sb.append("Role id: ").append(this.id);
+ sb.append(", Role name: ").append(this.name);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+}
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
index 698a940e..54fa556e 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
@@ -17,12 +17,100 @@ */ package org.apache.sqoop.security; -import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; + +import java.util.List; /*** * AuthorizationAccessController is responsible for managing access rule and principal. */ public abstract class AuthorizationAccessController { - private static final Logger LOG = Logger.getLogger(AuthorizationAccessController.class); + /** + * Role related function + */ + public abstract List getAllRoles() throws SqoopException; + + public abstract MRole getRole(String name) throws SqoopException; + + public abstract List getRolesByPrincipal(MPrincipal principal) throws SqoopException; + + public abstract List getRolesByPrivilege(MPrivilege privilege) throws SqoopException; + + public abstract void createRole(String name) throws SqoopException; + + public abstract void updateRole(String old_name, String new_name) throws SqoopException; + + public abstract void removeRole(String name) throws SqoopException; + + /** + * Principal related function + */ + public abstract List getAllPrincipals() throws SqoopException; + + public abstract List getPrincipalsByName(String name) throws SqoopException; + + public abstract List getPrincipalsByType(String type) throws SqoopException; + + public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException; + + public abstract List getPrincipalsByRole(MRole role) throws SqoopException; + + public abstract void createPrincipal(String name, String type) throws SqoopException; + + public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException; + + public abstract void removePrincipalsByName(String name) throws SqoopException; + + public abstract void removePrincipalsByType(String type) throws SqoopException; + + public abstract void 
removePrincipal(MPrincipal principal) throws SqoopException; + + public abstract void grantRole(List principals, List roles) throws SqoopException; + + public abstract void revokeRole(List principals, List roles) throws SqoopException; + + /** + * Resource related function + */ + public abstract List getAllResources() throws SqoopException; + + public abstract List getResourcesByType(String type) throws SqoopException; + + public abstract MResource getResource(String name, String type) throws SqoopException; + + public abstract void createResource(String name, String type) throws SqoopException; + + public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException; + + public abstract void removeResourcesByType(String type) throws SqoopException; + + public abstract void removeResource(MResource resource) throws SqoopException; + + /** + * Privilege related function + */ + public abstract List getAllPrivileges() throws SqoopException; + + public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException; + + public abstract List getPrivilegesByResource(MResource resource) throws SqoopException; + + public abstract List getPrivilegesByRole(MRole role) throws SqoopException; + + public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException; + + public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException; + + public abstract void removePrivilege(String name) throws SqoopException; + + public abstract void removePrivilegesByResource(MResource resource) throws SqoopException; + + public abstract void grantPrivileges(List principals, List privileges) throws SqoopException; + + public abstract void revokePrivileges(List principals, List privileges) throws SqoopException; } \ No newline at end of file 
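Review bot: `grantRole`, `revokeRole`, `grantPrivileges` and `revokePrivileges` take only the target principals and the roles or privileges, with no parameter identifying who is performing the grant. MPrivilege carries `with_grant_option`, but with these signatures an implementation cannot check that the caller holds a grantable privilege unless the caller's identity reaches it some other way that is not visible in this hunk. None of the new abstract methods has Javadoc; at minimum the lookups should state whether "not found" is reported as null, an empty list or a SqoopException, given that the default implementation in this commit returns null everywhere. A one-line contract on each getter, for example `/** Returns the role with the given name, or null if no such role exists. */` on `getRole` (adjusted to whichever contract is chosen), would settle it for implementers and callers.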
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java index 865c6dc8..51fc2dc1 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java 
@@ -18,31 +18,104 @@ package org.apache.sqoop.security; import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; + +import java.util.List; /*** * AuthorizationHandler is responsible for controlling role based access. */ public abstract class AuthorizationHandler { - private static final Logger LOG = Logger.getLogger(AuthorizationHandler.class); + public abstract void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException; - protected AuthorizationAccessController authorizationAccessController; + /** + * Role related function + */ + public abstract List getAllRoles() throws SqoopException; - protected AuthorizationValidator authorizationValidator; + public abstract MRole getRole(String name) throws SqoopException; - public AuthorizationValidator getAuthorizationValidator() { - return authorizationValidator; - } + public abstract List getRolesByPrincipal(MPrincipal principal) throws SqoopException; - public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) { - this.authorizationValidator = authorizationValidator; - } + public abstract List getRolesByPrivilege(MPrivilege privilege) throws SqoopException; - public AuthorizationAccessController getAuthorizationAccessController() { - return authorizationAccessController; - } + public abstract void createRole(String name) throws SqoopException; - public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) { - this.authorizationAccessController = authorizationAccessController; - } + public abstract void updateRole(String old_name, String new_name) throws SqoopException; + + public abstract void removeRole(String name) throws SqoopException; + + /** + * Principal related function + */ + public abstract List getAllPrincipals() 
throws SqoopException; + + public abstract List getPrincipalsByName(String name) throws SqoopException; + + public abstract List getPrincipalsByType(String type) throws SqoopException; + + public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException; + + public abstract List getPrincipalsByRole(MRole role) throws SqoopException; + + public abstract void createPrincipal(String name, String type) throws SqoopException; + + public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException; + + public abstract void removePrincipalsByName(String name) throws SqoopException; + + public abstract void removePrincipalsByType(String type) throws SqoopException; + + public abstract void removePrincipal(MPrincipal principal) throws SqoopException; + + public abstract void grantRole(List principals, List roles) throws SqoopException; + + public abstract void revokeRole(List principals, List roles) throws SqoopException; + + /** + * Resource related function + */ + public abstract List getAllResources() throws SqoopException; + + public abstract List getResourcesByType(String type) throws SqoopException; + + public abstract MResource getResource(String name, String type) throws SqoopException; + + public abstract void createResource(String name, String type) throws SqoopException; + + public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException; + + public abstract void removeResourcesByType(String type) throws SqoopException; + + public abstract void removeResource(MResource resource) throws SqoopException; + + /** + * Privilege related function + */ + public abstract List getAllPrivileges() throws SqoopException; + + public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException; + + public abstract List getPrivilegesByResource(MResource resource) throws SqoopException; + + public abstract List getPrivilegesByRole(MRole role) throws 
SqoopException; + + public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException; + + public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException; + + public abstract void removePrivilege(String name) throws SqoopException; + + public abstract void removePrivilegesByResource(MResource resource) throws SqoopException; + + public abstract void grantPrivileges(List principals, List privileges) throws SqoopException; + + public abstract void revokePrivileges(List principals, List privileges) throws SqoopException; + + public abstract void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException; } \ No newline at end of file diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java index 4d66bf79..cfa7a668 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java @@ -34,16 +34,6 @@ public class AuthorizationManager implements Reconfigurable { */ public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler"; - /** - * Default authorization access controller - */ - public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController"; - - /** - * Default authorization validator - */ - public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator"; - /** * Default authorization auto upgrade option value */ 
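Review bot: The `LOG` field is removed but `import org.apache.log4j.Logger;` stays as a context line at the top of the hunk, so the import is now unused and can be dropped. `doInitialize()` has no Javadoc; it should say that AuthorizationManager.initialize() calls it before the handler is used and that a handler whose `doInitialize()` threw must not be used, e.g. `/** Loads this handler's collaborators; must complete before any other method is called. */`. The handler now repeats every AuthorizationAccessController signature, so the contract of each method (null versus empty list, when SqoopException is thrown) has to be documented and kept in sync in two places.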
@@ -98,24 +88,12 @@ public static AuthorizationHandler getAuthorizationHandler() { public synchronized void initialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException { LOG.trace("Begin authorization manager initialization"); - MapContext mapContext = SqoopConfiguration.getInstance().getContext(); - String handler = mapContext.getString(SecurityConstants.AUTHORIZATION_HANDLER, - DEFAULT_AUTHORIZATION_HANDLER).trim(); + String handler = SqoopConfiguration.getInstance().getContext().getString( + SecurityConstants.AUTHORIZATION_HANDLER, + DEFAULT_AUTHORIZATION_HANDLER).trim(); authorizationHandler = SecurityFactory.getAuthorizationHandler(handler); - - String accessController = mapContext.getString( - SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER, - DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim(); - AuthorizationAccessController authorizationAccessController = - SecurityFactory.getAuthorizationAccessController(accessController); - authorizationHandler.setAuthorizationAccessController(authorizationAccessController); - - String validator = mapContext.getString(SecurityConstants.AUTHORIZATION_VALIDATOR, - DEFAULT_AUTHORIZATION_VALIDATOR).trim(); - AuthorizationValidator authorizationValidator = - SecurityFactory.getAuthorizationValidator(validator); - authorizationHandler.setAuthorizationValidator(authorizationValidator); + authorizationHandler.doInitialize(); LOG.info("Authorization loaded."); } diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java index 7c410151..c6482fbe 100644 --- a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java +++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java 
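Review bot: `authorizationHandler` is assigned before `doInitialize()` runs, so if `doInitialize()` throws, the field keeps a handler that was never fully set up (for the default handler, its access controller and validator stay null), and `getAuthorizationHandler()`, named in the hunk header, would still hand it out. Initialise a local and publish it only on success: `AuthorizationHandler loaded = SecurityFactory.getAuthorizationHandler(handler);`, `loaded.doInitialize();`, `authorizationHandler = loaded;`. The handler class name is read from configuration and instantiated by SecurityFactory, so it is worth confirming there that the loaded class is verified to be an AuthorizationHandler subtype; that code is not part of this hunk. The body of initialize() starts before the hunk.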
@@ -17,13 +17,17 @@ */ package org.apache.sqoop.security; -import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; + +import java.util.List; /*** * AuthorizationHandler is responsible for checking access. */ public abstract class AuthorizationValidator { - private static final Logger LOG = Logger.getLogger(AuthorizationValidator.class); + public abstract void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException; } \ No newline at end of file diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java index c8839f80..02f8f3b1 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java 
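Review bot: `checkPrivileges` returns void, so the only way an implementation can deny access is by throwing, and nothing in the hunk says so. Add Javadoc that fixes the contract, e.g. `/** Throws SqoopException if the principal lacks any of the given privileges; returns normally only when all are held. */`, so that an implementation which merely logs and returns is clearly a bug and not a valid reading of the interface. The class comment in the context lines still reads "AuthorizationHandler is responsible for checking access" and should name AuthorizationValidator. The same undocumented method is added to AuthorizationHandler.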
@@ -18,9 +18,241 @@ package org.apache.sqoop.security.Authorization; import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; import org.apache.sqoop.security.AuthorizationAccessController; +import java.security.Principal; +import java.util.List; + public class DefaultAuthorizationAccessController extends AuthorizationAccessController { private static final Logger LOG = Logger.getLogger(DefaultAuthorizationAccessController.class); + + /** + * Role related function + */ + public List getAllRoles() throws SqoopException { + LOG.debug("Get all roles in default authorization access controller: return null"); + return null; + } + + public MRole getRole(String name) throws SqoopException { + LOG.debug("Get role in default authorization access controller: return null"); + LOG.debug("name: " + name); + return null; + } + + public List getRolesByPrincipal(MPrincipal principal) throws SqoopException { + LOG.debug("Get roles by principal in default authorization access controller: return null"); + LOG.debug("principal: " + principal.toString()); + return null; + } + + public List getRolesByPrivilege(MPrivilege privilege) throws SqoopException { + LOG.debug("Get roles by privilege in default authorization access controller: return null"); + LOG.debug("privilege: " + privilege.toString()); + return null; + } + + public void createRole(String name) throws SqoopException { + LOG.debug("Create role in default authorization access controller: empty function"); + LOG.debug("name: " + name); + } + + public void updateRole(String old_name, String new_name) throws SqoopException { + LOG.debug("Update role in default authorization access controller: empty function"); + LOG.debug("old name: " + old_name + ", new name: " + new_name); + } + + public void removeRole(String name) throws SqoopException { + 
LOG.debug("Remove role in default authorization access controller: empty function"); + LOG.debug("name: " + name); + } + + /** + * Principal related function + */ + public List getAllPrincipals() throws SqoopException { + LOG.debug("Get all principals in default authorization access controller: return null"); + return null; + } + + public List getPrincipalsByName(String name) throws SqoopException { + LOG.debug("Get principals by name in default authorization access controller: return null"); + LOG.debug("name: " + name); + return null; + } + + public List getPrincipalsByType(String type) throws SqoopException { + LOG.debug("Get principals by type in default authorization access controller: return null"); + LOG.debug("type: " + type); + return null; + } + + public MPrincipal getPrincipal(String name, String type) throws SqoopException { + LOG.debug("Get principal in default authorization access controller: return null"); + LOG.debug("name: " + name + ", type: " + type); + return null; + } + + public List getPrincipalsByRole(MRole role) throws SqoopException { + LOG.debug("Get principals by role in default authorization access controller: return null"); + LOG.debug("role: " + role.toString()); + return null; + } + + public void createPrincipal(String name, String type) throws SqoopException { + LOG.debug("Create principal in default authorization access controller: empty function"); + LOG.debug("name: " + name + ", type: " + type); + } + + public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException { + LOG.debug("Update principal in default authorization access controller: empty function"); + LOG.debug("old principal: " + old_principal + ", new principal: " + new_principal); + } + + public void removePrincipalsByName(String name) throws SqoopException { + LOG.debug("Remove principals by name in default authorization access controller: empty function"); + LOG.debug("name: " + name); + } + + public void 
removePrincipalsByType(String type) throws SqoopException { + LOG.debug("Remove principals by type in default authorization access controller: empty function"); + LOG.debug("type: " + type); + } + + public void removePrincipal(MPrincipal principal) throws SqoopException { + LOG.debug("Remove principal in default authorization access controller: empty function"); + LOG.debug("principal: " + principal.toString()); + } + + public void grantRole(List principals, List roles) throws SqoopException { + LOG.debug("Grant role in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MRole role : roles) { + LOG.debug("role: " + role.toString()); + } + } + + public void revokeRole(List principals, List roles) throws SqoopException { + LOG.debug("Revoke role in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MRole role : roles) { + LOG.debug("role: " + role.toString()); + } + } + + /** + * Resource related function + */ + public List getAllResources() throws SqoopException { + LOG.debug("Get all resources in default authorization access controller: return null"); + return null; + } + + public List getResourcesByType(String type) throws SqoopException { + LOG.debug("Get resources by type in default authorization access controller: return null"); + LOG.debug("type: " + type); + return null; + } + + public MResource getResource(String name, String type) throws SqoopException { + LOG.debug("Get resource in default authorization access controller: return null"); + LOG.debug("name: " + name + ", type: " + type); + return null; + } + + public void createResource(String name, String type) throws SqoopException { + LOG.debug("Create resource in default authorization access controller: empty function"); + LOG.debug("name: " + name + ", type: " + type); + } + + 
public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException { + LOG.debug("Update resource in default authorization access controller: empty function"); + LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource); + } + + public void removeResourcesByType(String type) throws SqoopException { + LOG.debug("Remove resource by type in default authorization access controller: empty function"); + LOG.debug("type: " + type); + } + + public void removeResource(MResource resource) throws SqoopException { + LOG.debug("Remove resource in default authorization access controller: empty function"); + LOG.debug("resource: " + resource.toString()); + } + + /** + * Privilege related function + */ + public List getAllPrivileges() throws SqoopException { + LOG.debug("Get all privileges in default authorization access controller: return null"); + return null; + } + + public MPrivilege getPrivilegeByName(String name) throws SqoopException { + LOG.debug("Get privileges by name in default authorization access controller: return null"); + LOG.debug("name: " + name); + return null; + } + + public List getPrivilegesByResource(MResource resource) throws SqoopException { + LOG.debug("Get privileges by resource in default authorization access controller: return null"); + LOG.debug("resource: " + resource.toString()); + return null; + } + + public List getPrivilegesByRole(MRole role) throws SqoopException { + LOG.debug("Get privileges by role in default authorization access controller: return null"); + LOG.debug("role: " + role.toString()); + return null; + } + + public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException { + LOG.debug("Create privilege in default authorization access controller: empty function"); + LOG.debug("name: " + name + ", resource: " + resource.toString() + ", action: " + action + ", with grant option: " + with_grant_option); + } + + public void 
updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException { + LOG.debug("Update privilege in default authorization access controller: empty function"); + LOG.debug("old_privilege: " + old_privilege + ", new_privilege: " + new_privilege); + } + + public void removePrivilege(String name) throws SqoopException { + LOG.debug("Remove privilege in default authorization access controller: empty function"); + LOG.debug("name: " + name); + } + + public void removePrivilegesByResource(MResource resource) throws SqoopException { + LOG.debug("Remove privileges by resource in default authorization access controller: empty function"); + LOG.debug("resource: " + resource.toString()); + } + + public void grantPrivileges(List principals, List privileges) throws SqoopException { + LOG.debug("Grant privileges in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } + } + + public void revokePrivileges(List principals, List privileges) throws SqoopException { + LOG.debug("Revoke privileges in default authorization access controller: empty function"); + for (MPrincipal principal : principals) { + LOG.debug("principal: " + principal.toString()); + } + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } + } } \ No newline at end of file diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java index a176b4dc..9cd2e338 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java 
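Review bot: Every mutating method in this class (`createRole`, `grantRole`, `revokePrivileges` and the rest) logs at debug level and returns normally, so with the default configuration a grant or revoke reports success while nothing is stored, and an administrator gets no signal that access control is not in effect unless debug logging is on; consider one WARN-level message when this no-op controller is loaded. The lookups return null where an empty list would do, which pushes a null check onto every caller; `return Collections.emptyList();` is the safer default for the list-returning methods. Several debug lines call `.toString()` on an argument (`principal.toString()`, `resource.toString()`), which throws on a null argument where plain concatenation such as `"principal: " + principal` would not. The logged names and types are caller-supplied, so line breaks in them should be stripped before logging. `import java.security.Principal;` is unused and can be removed.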
@@ -18,9 +18,221 @@ package org.apache.sqoop.security.Authorization; import org.apache.log4j.Logger; -import org.apache.sqoop.security.AuthorizationHandler; +import org.apache.sqoop.common.MapContext; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.core.SqoopConfiguration; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; +import org.apache.sqoop.model.MResource; +import org.apache.sqoop.model.MRole; +import org.apache.sqoop.security.*; + +import java.util.List; public class DefaultAuthorizationHandler extends AuthorizationHandler { + /** + * Default authorization access controller + */ + public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController"; + + /** + * Default authorization validator + */ + public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator"; + private static final Logger LOG = Logger.getLogger(DefaultAuthorizationHandler.class); + + protected AuthorizationAccessController authorizationAccessController; + + protected AuthorizationValidator authorizationValidator; + + public AuthorizationValidator getAuthorizationValidator() { + return authorizationValidator; + } + + public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) { + this.authorizationValidator = authorizationValidator; + } + + public AuthorizationAccessController getAuthorizationAccessController() { + return authorizationAccessController; + } + + public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) { + this.authorizationAccessController = authorizationAccessController; + } + + public void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException { + MapContext mapContext = SqoopConfiguration.getInstance().getContext(); + String accessController = 
mapContext.getString( + SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER, + DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim(); + this.authorizationAccessController = SecurityFactory.getAuthorizationAccessController(accessController); + + String validator = mapContext.getString( + SecurityConstants.AUTHORIZATION_VALIDATOR, + DEFAULT_AUTHORIZATION_VALIDATOR).trim(); + this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator); + } + + /** + * Role related function + */ + public List getAllRoles() throws SqoopException { + return this.authorizationAccessController.getAllRoles(); + } + + public MRole getRole(String name) throws SqoopException { + return this.authorizationAccessController.getRole(name); + } + + public List getRolesByPrincipal(MPrincipal principal) throws SqoopException { + return this.authorizationAccessController.getRolesByPrincipal(principal); + } + + public List getRolesByPrivilege(MPrivilege privilege) throws SqoopException { + return this.authorizationAccessController.getRolesByPrivilege(privilege); + } + + public void createRole(String name) throws SqoopException { + this.authorizationAccessController.createRole(name); + } + + public void updateRole(String old_name, String new_name) throws SqoopException { + this.authorizationAccessController.updateRole(old_name, new_name); + } + + public void removeRole(String name) throws SqoopException { + this.authorizationAccessController.removeRole(name); + } + + /** + * Principal related function + */ + public List getAllPrincipals() throws SqoopException { + return this.authorizationAccessController.getAllPrincipals(); + } + + public List getPrincipalsByName(String name) throws SqoopException { + return this.authorizationAccessController.getPrincipalsByName(name); + } + + public List getPrincipalsByType(String type) throws SqoopException { + return this.authorizationAccessController.getPrincipalsByType(type); + } + + public MPrincipal getPrincipal(String name, String type) throws 
SqoopException { + return this.authorizationAccessController.getPrincipal(name, type); + } + + public List getPrincipalsByRole(MRole role) throws SqoopException { + return this.authorizationAccessController.getPrincipalsByRole(role); + } + + public void createPrincipal(String name, String type) throws SqoopException { + this.authorizationAccessController.createPrincipal(name, type); + } + + public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException { + this.authorizationAccessController.updatePrincipal(old_principal, new_principal); + } + + public void removePrincipalsByName(String name) throws SqoopException { + this.authorizationAccessController.removePrincipalsByName(name); + } + + public void removePrincipalsByType(String type) throws SqoopException { + this.authorizationAccessController.removePrincipalsByType(type); + } + + public void removePrincipal(MPrincipal principal) throws SqoopException { + this.authorizationAccessController.removePrincipal(principal); + } + + public void grantRole(List principals, List roles) throws SqoopException { + this.authorizationAccessController.grantRole(principals, roles); + } + + public void revokeRole(List principals, List roles) throws SqoopException { + this.authorizationAccessController.revokeRole(principals, roles); + } + + /** + * Resource related function + */ + public List getAllResources() throws SqoopException { + return this.authorizationAccessController.getAllResources(); + } + + public List getResourcesByType(String type) throws SqoopException { + return this.authorizationAccessController.getResourcesByType(type); + } + + public MResource getResource(String name, String type) throws SqoopException { + return this.authorizationAccessController.getResource(name, type); + } + + public void createResource(String name, String type) throws SqoopException { + this.authorizationAccessController.createResource(name, type); + } + + public void updateResource(MResource 
old_resource, MResource new_resource) throws SqoopException { + this.authorizationAccessController.updateResource(old_resource, new_resource); + } + + public void removeResourcesByType(String type) throws SqoopException { + this.authorizationAccessController.removeResourcesByType(type); + } + + public void removeResource(MResource resource) throws SqoopException { + this.authorizationAccessController.removeResource(resource); + } + + /** + * Privilege related function + */ + public List getAllPrivileges() throws SqoopException { + return this.authorizationAccessController.getAllPrivileges(); + } + + public MPrivilege getPrivilegeByName(String name) throws SqoopException { + return this.authorizationAccessController.getPrivilegeByName(name); + } + + public List getPrivilegesByResource(MResource resource) throws SqoopException { + return this.authorizationAccessController.getPrivilegesByResource(resource); + } + + public List getPrivilegesByRole(MRole role) throws SqoopException { + return this.authorizationAccessController.getPrivilegesByRole(role); + } + + public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException { + this.authorizationAccessController.createPrivilege(name, resource, action, with_grant_option); + } + + public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException { + this.authorizationAccessController.updatePrivilege(old_privilege, new_privilege); + } + + public void removePrivilege(String name) throws SqoopException { + this.authorizationAccessController.removePrivilege(name); + } + + public void removePrivilegesByResource(MResource resource) throws SqoopException { + this.authorizationAccessController.removePrivilegesByResource(resource); + } + + public void grantPrivileges(List principals, List privileges) throws SqoopException { + this.authorizationAccessController.grantPrivileges(principals, privileges); + } + + public void 
revokePrivileges(List principals, List privileges) throws SqoopException { + this.authorizationAccessController.revokePrivileges(principals, privileges); + } + + public void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException { + this.authorizationValidator.checkPrivileges(principal, privileges); + } } \ No newline at end of file diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java index 0842c81e..bbde2816 100644 --- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java +++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java @@ -18,9 +18,22 @@ package org.apache.sqoop.security.Authorization; import org.apache.log4j.Logger; +import org.apache.sqoop.common.SqoopException; +import org.apache.sqoop.model.MPrincipal; +import org.apache.sqoop.model.MPrivilege; import org.apache.sqoop.security.AuthorizationValidator; +import java.util.List; + public class DefaultAuthorizationValidator extends AuthorizationValidator { private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class); + + public void checkPrivileges(MPrincipal principal, List privileges) throws SqoopException { + LOG.debug("Check privilege in default authorization validator: always valid"); + LOG.debug("principal: " + principal.toString()); + for (MPrivilege privilege : privileges) { + LOG.debug("privilege: " + privilege.toString()); + } + } } \ No newline at end of file
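Review bot: In `DefaultAuthorizationHandler`, `authorizationValidator` and `authorizationAccessController` are `protected`, stay null until `doInitialize()` runs, and can be replaced at any time through the public setters, so `checkPrivileges` either throws a NullPointerException before initialization or runs against whatever object was set last. For the component that decides access I would make both fields `private` and have each setter reject null, e.g. `if (authorizationValidator == null) throw new IllegalArgumentException("authorizationValidator must not be null");`. The class Javadoc should also say that the delegating methods (`grantPrivileges`, `createRole`, `removePrincipal`, …) take no caller identity and perform no permission check of their own, so callers must go through `checkPrivileges` first. The class names read in `doInitialize()` come from configuration and are passed to `SecurityFactory`, which is not visible in this hunk. If it loads them reflectively, it should verify the expected `AuthorizationAccessController` / `AuthorizationValidator` type, and the selected class names are worth logging at startup.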
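Review bot: `checkPrivileges` in `DefaultAuthorizationValidator` returns normally for every principal and privilege list, and the only trace of that is a DEBUG message, while `DefaultAuthorizationHandler.doInitialize()` falls back to this class whenever the validator key is unset. A deployment that believes authorization is enforced therefore gets allow-all with nothing in the default log output. I would state the allow-all behaviour in a class Javadoc and log it once at WARN when the validator is constructed, e.g. `LOG.warn("DefaultAuthorizationValidator in use: all privilege checks are allowed");`. The per-call logging should also sit inside `if (LOG.isDebugEnabled())` and avoid calling `principal.toString()` directly, since a null principal or null list currently turns the permissive check into a NullPointerException.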