Posted to commits@iotdb.apache.org by qi...@apache.org on 2022/12/07 12:13:00 UTC
[iotdb] branch master updated: [IOTDB-4930] Optimize auth code and specific auth related status code (#8365)
This is an automated email from the ASF dual-hosted git repository.
qiaojialin pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new f4fa8b976b [IOTDB-4930] Optimize auth code and specific auth related status code (#8365)
f4fa8b976b is described below
commit f4fa8b976b9a6db3c55c44c0bcea187c2d9525d6
Author: ZhangHongYin <46...@users.noreply.github.com>
AuthorDate: Wed Dec 7 20:12:54 2022 +0800
[IOTDB-4930] Optimize auth code and specific auth related status code (#8365)
---
.../iotdb/confignode/persistence/AuthorInfo.java | 88 +++-----
docs/UserGuide/Reference/Status-Codes.md | 240 +++++++++++----------
docs/zh/UserGuide/Reference/Status-Codes.md | 240 +++++++++++----------
.../apache/iotdb/commons/auth/AuthException.java | 16 +-
.../commons/auth/authorizer/BasicAuthorizer.java | 68 ++++--
.../commons/auth/authorizer/OpenIdAuthorizer.java | 28 +--
.../iotdb/commons/auth/entity/PathPrivilege.java | 4 +-
.../iotdb/commons/auth/role/BasicRoleManager.java | 19 +-
.../commons/auth/role/LocalFileRoleAccessor.java | 14 +-
.../iotdb/commons/auth/user/BasicUserManager.java | 50 +++--
.../commons/auth/user/LocalFileUserAccessor.java | 10 +-
.../org/apache/iotdb/commons/utils/AuthUtils.java | 185 +++++++++-------
.../apache/iotdb/commons/utils/StatusUtils.java | 4 +-
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 4 +-
.../apache/iotdb/db/auth/AuthorizerManager.java | 75 ++++---
.../iotdb/db/auth/StandaloneAuthorityFetcher.java | 4 +-
.../iotdb/db/localconfignode/LocalConfigNode.java | 58 ++---
.../influxdb/handler/AbstractQueryHandler.java | 3 +-
.../protocol/rest/filter/AuthorizationFilter.java | 33 +--
.../apache/iotdb/db/qp/executor/PlanExecutor.java | 9 +-
.../iotdb/db/query/control/SessionManager.java | 62 +++---
.../java/org/apache/iotdb/rpc/TSStatusCode.java | 18 +-
22 files changed, 634 insertions(+), 598 deletions(-)
diff --git a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
index 53ca5368d3..3f7a473bc5 100644
--- a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
+++ b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
@@ -126,7 +126,7 @@ public class AuthorInfo implements SnapshotProcessor {
result = getUserPermissionInfo(username);
result.setStatus(RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS));
} catch (AuthException e) {
- result.setStatus(RpcUtils.getStatus(TSStatusCode.AUTHENTICATION_ERROR, e.getMessage()));
+ result.setStatus(RpcUtils.getStatus(e.getCode(), e.getMessage()));
}
} else {
result = AuthUtils.generateEmptyPermissionInfoResp();
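Review bot: The catch block around `getUserPermissionInfo(username)` sends the exception's code and message to the client but leaves no server-side record, unlike the catch in the next hunk, which calls `logger.error`. Auth failures should leave an audit trail, so I would add `logger.error("Failed to get permission info for user {}", username, e);` before `result.setStatus(...)`. Because the specific code now reaches the caller, please also confirm that this branch runs only after the credential check has succeeded, so that codes such as USER_NOT_EXIST are not exposed to unauthenticated callers. The method starts outside the hunk, so that ordering cannot be checked from here.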
@@ -142,7 +142,7 @@ public class AuthorInfo implements SnapshotProcessor {
}
} catch (AuthException e) {
logger.error("Error occurs when checking the seriesPath {} for user {}", path, username, e);
- throw new AuthException(e);
+ throw new AuthException(e.getCode(), e);
}
return false;
}
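Review bot: `throw new AuthException(e.getCode(), e);` wraps an AuthException in a second AuthException. The `(code, cause)` constructor calls `super(cause)`, so the new exception's message becomes `cause.toString()`, which is the original message prefixed with the exception class name. Any caller that passes `getMessage()` to `RpcUtils.getStatus`, as the other catch blocks in this file do, would then return that class name to the client. Rethrowing the caught exception keeps the code, message and stack trace unchanged: `throw e;`. The method starts outside the hunk.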
@@ -207,10 +207,12 @@ public class AuthorInfo implements SnapshotProcessor {
authorizer.revokeRoleFromUser(roleName, userName);
break;
default:
- throw new AuthException("unknown type: " + authorPlan.getAuthorType());
+ throw new AuthException(
+ TSStatusCode.UNSUPPORTED_AUTH_OPERATION,
+ "unknown type: " + authorPlan.getAuthorType());
}
} catch (AuthException e) {
- return RpcUtils.getStatus(TSStatusCode.AUTHENTICATION_ERROR, e.getMessage());
+ return RpcUtils.getStatus(e.getCode(), e.getMessage());
}
return RpcUtils.getStatus(TSStatusCode.SUCCESS_STATUS);
}
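Review bot: The `default` branch builds and throws an AuthException that the `catch` a few lines below in the same method immediately converts to a status, so the exception serves only as a jump. Returning the status directly is shorter and skips the stack-trace capture: `return RpcUtils.getStatus(TSStatusCode.UNSUPPORTED_AUTH_OPERATION, "unknown type: " + authorPlan.getAuthorType());`. The switch and the start of the `try` are outside the hunk.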
@@ -220,18 +222,13 @@ public class AuthorInfo implements SnapshotProcessor {
Map<String, List<String>> permissionInfo = new HashMap<>();
List<String> userList = authorizer.listAllUsers();
if (!plan.getRoleName().isEmpty()) {
- Role role;
- try {
- role = authorizer.getRole(plan.getRoleName());
- if (role == null) {
- result.setStatus(
- RpcUtils.getStatus(
- TSStatusCode.ROLE_NOT_EXIST, "No such role : " + plan.getRoleName()));
- result.setPermissionInfo(permissionInfo);
- return result;
- }
- } catch (AuthException e) {
- throw new AuthException(e);
+ Role role = authorizer.getRole(plan.getRoleName());
+ if (role == null) {
+ result.setStatus(
+ RpcUtils.getStatus(
+ TSStatusCode.ROLE_NOT_EXIST, "No such role : " + plan.getRoleName()));
+ result.setPermissionInfo(permissionInfo);
+ return result;
}
Iterator<String> itr = userList.iterator();
while (itr.hasNext()) {
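Review bot: With the redundant try/catch removed, the same lookup-then-"not exist" response is written out four times in this file: here, and in the hunks at -255 (user), -282 (role) and -317 (user). A small private helper that builds the empty response would keep the status code and message format in one place. This assumes `result` and `permissionInfo` are still untouched at each early return, which holds for the two methods whose start is visible (the hunks at -282 and -317) but should be checked for this hunk and the one at -255, where `result` is created outside the hunk.

```java
private static PermissionInfoResp notExistResp(TSStatusCode code, String message) {
  PermissionInfoResp resp = new PermissionInfoResp();
  resp.setStatus(RpcUtils.getStatus(code, message));
  resp.setPermissionInfo(new HashMap<>());
  return resp;
}

// … unchanged: result / permissionInfo / userList setup …
Role role = authorizer.getRole(plan.getRoleName());
if (role == null) {
  return notExistResp(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + plan.getRoleName());
}
```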
@@ -255,22 +252,15 @@ public class AuthorInfo implements SnapshotProcessor {
if (plan.getUserName().isEmpty()) {
roleList.addAll(authorizer.listAllRoles());
} else {
- User user;
- try {
- user = authorizer.getUser(plan.getUserName());
- if (user == null) {
- result.setStatus(
- RpcUtils.getStatus(
- TSStatusCode.USER_NOT_EXIST, "No such user : " + plan.getUserName()));
- result.setPermissionInfo(permissionInfo);
- return result;
- }
- } catch (AuthException e) {
- throw new AuthException(e);
- }
- for (String roleN : user.getRoleList()) {
- roleList.add(roleN);
+ User user = authorizer.getUser(plan.getUserName());
+ if (user == null) {
+ result.setStatus(
+ RpcUtils.getStatus(
+ TSStatusCode.USER_NOT_EXIST, "No such user : " + plan.getUserName()));
+ result.setPermissionInfo(permissionInfo);
+ return result;
}
+ roleList.addAll(user.getRoleList());
}
permissionInfo.put(IoTDBConstant.COLUMN_ROLE, roleList);
@@ -282,18 +272,12 @@ public class AuthorInfo implements SnapshotProcessor {
public PermissionInfoResp executeListRolePrivileges(AuthorPlan plan) throws AuthException {
PermissionInfoResp result = new PermissionInfoResp();
Map<String, List<String>> permissionInfo = new HashMap<>();
- Role role;
- try {
- role = authorizer.getRole(plan.getRoleName());
- if (role == null) {
- result.setStatus(
- RpcUtils.getStatus(
- TSStatusCode.ROLE_NOT_EXIST, "No such role : " + plan.getRoleName()));
- result.setPermissionInfo(permissionInfo);
- return result;
- }
- } catch (AuthException e) {
- throw new AuthException(e);
+ Role role = authorizer.getRole(plan.getRoleName());
+ if (role == null) {
+ result.setStatus(
+ RpcUtils.getStatus(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + plan.getRoleName()));
+ result.setPermissionInfo(permissionInfo);
+ return result;
}
Set<String> rolePrivilegesSet = new HashSet<>();
for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
@@ -317,18 +301,12 @@ public class AuthorInfo implements SnapshotProcessor {
public PermissionInfoResp executeListUserPrivileges(AuthorPlan plan) throws AuthException {
PermissionInfoResp result = new PermissionInfoResp();
Map<String, List<String>> permissionInfo = new HashMap<>();
- User user;
- try {
- user = authorizer.getUser(plan.getUserName());
- if (user == null) {
- result.setStatus(
- RpcUtils.getStatus(
- TSStatusCode.USER_NOT_EXIST, "No such user : " + plan.getUserName()));
- result.setPermissionInfo(permissionInfo);
- return result;
- }
- } catch (AuthException e) {
- throw new AuthException(e);
+ User user = authorizer.getUser(plan.getUserName());
+ if (user == null) {
+ result.setStatus(
+ RpcUtils.getStatus(TSStatusCode.USER_NOT_EXIST, "No such user : " + plan.getUserName()));
+ result.setPermissionInfo(permissionInfo);
+ return result;
}
List<String> userPrivilegesList = new ArrayList<>();
diff --git a/docs/UserGuide/Reference/Status-Codes.md b/docs/UserGuide/Reference/Status-Codes.md
index 9d26153bfe..57b97f79b2 100644
--- a/docs/UserGuide/Reference/Status-Codes.md
+++ b/docs/UserGuide/Reference/Status-Codes.md
@@ -42,122 +42,130 @@ With Status Code, instead of writing codes like `if (e.getErrorMessage().contain
Here is a list of Status Code and related message:
-|Status Code|Status Type|Meanings|
-|:--|:---|:---|
-|200|SUCCESS_STATUS||
-|201|INCOMPATIBLE_VERSION|Incompatible version|
-|202|CONFIGURATION_ERROR|Configuration error|
-|203|START_UP_ERROR|Meet error while starting|
-|204|SHUT_DOWN_ERROR|Meet error while shutdown|
-|300|UNSUPPORTED_OPERATION|Unsupported operation|
-|301|EXECUTE_STATEMENT_ERROR|Execute statement error|
-|302|MULTIPLE_ERROR|Meet error when executing multiple statements|
-|303|ILLEGAL_PARAMETER|Parameter is illegal|
-|304|OVERLAP_WITH_EXISTING_TASK|Current task has some conflict with existing tasks|
-|305|INTERNAL_SERVER_ERROR|Internal server error|
-|400|REDIRECTION_RECOMMEND|Recommend Client redirection|
-|500|DATABASE_NOT_EXIST|Database does not exist|
-|501|DATABASE_ALREADY_EXISTS|Database already exist|
-|502|SERIES_OVERFLOW|Series number exceeds the threshold|
-|503|TIMESERIES_ALREADY_EXIST|Timeseries already exists|
-|504|TIMESERIES_IN_BLACK_LIST|Timeseries is being deleted|
-|505|ALIAS_ALREADY_EXIST|Alias already exists|
-|506|PATH_ALREADY_EXIST|Path already exists|
-|507|METADATA_ERROR|Meet error when dealing with metadata|
-|508|PATH_NOT_EXIST|Path does not exist|
-|509|ILLEGAL_PATH|Illegal path|
-|510|CREATE_TEMPLATE_ERROR|Create schema template error|
-|511|DUPLICATED_TEMPLATE|Schema template is duplicated|
-|512|UNDEFINED_TEMPLATE|Schema template is not defined|
-|513|TEMPLATE_NOT_SET|Schema template is not set|
-|514|DIFFERENT_TEMPLATE|Template is not consistent|
-|515|TEMPLATE_IS_IN_USE|Template is in use|
-|516|TEMPLATE_INCOMPATIBLE|Template is not compatible|
-|517|SEGMENT_NOT_FOUND|Segment not found|
-|518|PAGE_OUT_OF_SPACE|No enough space on schema page|
-|519|RECORD_DUPLICATED|Record is duplicated|
-|520|SEGMENT_OUT_OF_SPACE|No enough space on schema segment|
-|521|SCHEMA_FILE_NOT_EXISTS|SchemaFile does not exist|
-|522|OVERSIZE_RECORD|Size of record exceeds the threshold of page of SchemaFile|
-|523|SCHEMA_FILE_REDO_LOG_BROKEN|SchemaFile redo log has broken|
-|524|TEMPLATE_NOT_ACTIVATED|Schema template is not activated|
-|600|SYSTEM_READ_ONLY|IoTDB system is read only|
-|601|STORAGE_ENGINE_ERROR|Storage engine related error|
-|602|STORAGE_ENGINE_NOT_READY|The storage engine is in recovery, not ready fore accepting read/write operation|
-|603|DATAREGION_PROCESS_ERROR|DataRegion related error|
-|604|TSFILE_PROCESSOR_ERROR|TsFile processor related error|
-|605|WRITE_PROCESS_ERROR|Writing data related error|
-|606|WRITE_PROCESS_REJECT|Writing data rejected error|
-|607|OUT_OF_TTL|Insertion time is less than TTL time bound|
-|608|COMPACTION_ERROR|Meet error while merging|
-|609|ALIGNED_TIMESERIES_ERROR|Meet error in aligned timeseries|
-|610|WAL_ERROR|WAL error|
-|611|DISK_SPACE_INSUFFICIENT|Disk space is insufficient|
-|700|SQL_PARSE_ERROR|Meet error while parsing SQL|
-|701|SEMANTIC_ERROR|SQL semantic error|
-|702|GENERATE_TIME_ZONE_ERROR|Meet error while generating time zone|
-|703|SET_TIME_ZONE_ERROR|Meet error while setting time zone|
-|704|QUERY_NOT_ALLOWED|Query statements are not allowed error|
-|705|LOGICAL_OPERATOR_ERROR|Logical operator related error|
-|706|LOGICAL_OPTIMIZE_ERROR|Logical optimize related error|
-|707|UNSUPPORTED_FILL_TYPE|Unsupported fill type related error|
-|708|QUERY_PROCESS_ERROR|Query process related error|
-|709|MPP_MEMORY_NOT_ENOUGH|Not enough memory for task execution in MPP|
-|710|CLOSE_OPERATION_ERROR|Meet error in close operation|
-|711|TSBLOCK_SERIALIZE_ERROR|TsBlock serialization error|
-|712|INTERNAL_REQUEST_TIME_OUT|MPP Operation timeout|
-|713|INTERNAL_REQUEST_RETRY_ERROR|Internal operation retry failed|
-|800|AUTHENTICATION_ERROR|Error in authentication|
-|801|WRONG_LOGIN_PASSWORD|Username or password is wrong|
-|802|NOT_LOGIN|Has not logged in|
-|803|NO_PERMISSION|No permissions for this operation, please add privilege|
-|804|UNINITIALIZED_AUTH_ERROR|Uninitialized authorizer|
-|805|USER_NOT_EXIST|User does not exist|
-|806|ROLE_NOT_EXIST|Role does not exist|
-|807|CLEAR_PERMISSION_CACHE_ERROR|Error when clear the permission cache|
-|900|MIGRATE_REGION_ERROR|Error when migrate region|
-|901|CREATE_REGION_ERROR|Create region error|
-|902|DELETE_REGION_ERROR|Delete region error|
-|903|PARTITION_CACHE_UPDATE_ERROR|Update partition cache failed|
-|904|CONSENSUS_NOT_INITIALIZED|Consensus is not initialized and cannot provide service|
-|905|REGION_LEADER_CHANGE_ERROR|Region leader migration failed|
-|906|NO_AVAILABLE_REGION_GROUP|Cannot find an available region group|
-|1000|DATANODE_ALREADY_REGISTERED|DataNode already registered in cluster|
-|1001|NO_ENOUGH_DATANODE|The number of DataNode is not enough, cannot remove DataNode or create enough replication|
-|1002|ADD_CONFIGNODE_ERROR|Add ConfigNode error|
-|1003|REMOVE_CONFIGNODE_ERROR|Remove ConfigNode error|
-|1004|DATANODE_NOT_EXIST|DataNode not exist error|
-|1005|DATANODE_STOP_ERROR|DataNode stop error|
-|1006|REMOVE_DATANODE_ERROR|Remove datanode failed|
-|1007|REGISTER_DATANODE_WITH_WRONG_ID|The DataNode to be registered has incorrect register id|
-|1008|CAN_NOT_CONNECT_DATANODE|Can not connect to DataNode|
-|1100|LOAD_FILE_ERROR|Meet error while loading file|
-|1101|LOAD_PIECE_OF_TSFILE_ERROR|Error when load a piece of TsFile when loading|
-|1102|DESERIALIZE_PIECE_OF_TSFILE_ERROR|Error when deserialize a piece of TsFile|
-|1103|CREATE_PIPE_SINK_ERROR|Failed to create a PIPE sink|
-|1104|PIPE_ERROR|PIPE error|
-|1105|PIPESERVER_ERROR|PIPE server error|
-|1106|SYNC_CONNECTION_ERROR|Meet error while sync connecting|
-|1107|SYNC_FILE_REDIRECTION_ERROR|Sync TsFile redirection error|
-|1108|SYNC_FILE_ERROR|Sync TsFile error|
-|1109|VERIFY_METADATA_ERROR|Meet error in validate timeseries schema|
-|1200|UDF_LOAD_CLASS_ERROR|Error when loading UDF class|
-|1201|UDF_DOWNLOAD_ERROR|DataNode cannot download UDF from ConfigNode|
-|1202|CREATE_UDF_ON_DATANODE_ERROR|Error when create UDF on DataNode|
-|1203|DROP_UDF_ON_DATANODE_ERROR|Error when drop a UDF on DataNode|
-|1300|CREATE_TRIGGER_ERROR|ConfigNode create trigger error|
-|1301|DROP_TRIGGER_ERROR|ConfigNode delete Trigger error|
-|1302|TRIGGER_FIRE_ERROR|Error when firing trigger|
-|1303|TRIGGER_LOAD_CLASS_ERROR|Error when load class of trigger|
-|1304|TRIGGER_DOWNLOAD_ERROR|Error when download trigger from ConfigNode|
-|1305|CREATE_TRIGGER_INSTANCE_ERROR|Error when create trigger instance|
-|1306|ACTIVE_TRIGGER_INSTANCE_ERROR|Error when activate trigger instance|
-|1307|DROP_TRIGGER_INSTANCE_ERROR|Error when drop trigger instance|
-|1308|UPDATE_TRIGGER_LOCATION_ERROR|Error when move stateful trigger to new datanode|
-|1400|NO_SUCH_CQ|CQ task does not exist|
-|1401|CQ_ALREADY_ACTIVE|CQ is already active|
-|1402|CQ_AlREADY_EXIST|CQ is already exist|
-|1403|CQ_UPDATE_LAST_EXEC_TIME_ERROR|CQ update last execution time failed|
+| Status Code | Status Type | Meanings |
+| :---------- | :-------------------------------- | :---------------------------------------------------------------------------------------- |
+| 200 | SUCCESS_STATUS | |
+| 201 | INCOMPATIBLE_VERSION | Incompatible version |
+| 202 | CONFIGURATION_ERROR | Configuration error |
+| 203 | START_UP_ERROR | Meet error while starting |
+| 204 | SHUT_DOWN_ERROR | Meet error while shutdown |
+| 300 | UNSUPPORTED_OPERATION | Unsupported operation |
+| 301 | EXECUTE_STATEMENT_ERROR | Execute statement error |
+| 302 | MULTIPLE_ERROR | Meet error when executing multiple statements |
+| 303 | ILLEGAL_PARAMETER | Parameter is illegal |
+| 304 | OVERLAP_WITH_EXISTING_TASK | Current task has some conflict with existing tasks |
+| 305 | INTERNAL_SERVER_ERROR | Internal server error |
+| 400 | REDIRECTION_RECOMMEND | Recommend Client redirection |
+| 500 | DATABASE_NOT_EXIST | Database does not exist |
+| 501 | DATABASE_ALREADY_EXISTS | Database already exist |
+| 502 | SERIES_OVERFLOW | Series number exceeds the threshold |
+| 503 | TIMESERIES_ALREADY_EXIST | Timeseries already exists |
+| 504 | TIMESERIES_IN_BLACK_LIST | Timeseries is being deleted |
+| 505 | ALIAS_ALREADY_EXIST | Alias already exists |
+| 506 | PATH_ALREADY_EXIST | Path already exists |
+| 507 | METADATA_ERROR | Meet error when dealing with metadata |
+| 508 | PATH_NOT_EXIST | Path does not exist |
+| 509 | ILLEGAL_PATH | Illegal path |
+| 510 | CREATE_TEMPLATE_ERROR | Create schema template error |
+| 511 | DUPLICATED_TEMPLATE | Schema template is duplicated |
+| 512 | UNDEFINED_TEMPLATE | Schema template is not defined |
+| 513 | TEMPLATE_NOT_SET | Schema template is not set |
+| 514 | DIFFERENT_TEMPLATE | Template is not consistent |
+| 515 | TEMPLATE_IS_IN_USE | Template is in use |
+| 516 | TEMPLATE_INCOMPATIBLE | Template is not compatible |
+| 517 | SEGMENT_NOT_FOUND | Segment not found |
+| 518 | PAGE_OUT_OF_SPACE | No enough space on schema page |
+| 519 | RECORD_DUPLICATED | Record is duplicated |
+| 520 | SEGMENT_OUT_OF_SPACE | No enough space on schema segment |
+| 521 | SCHEMA_FILE_NOT_EXISTS | SchemaFile does not exist |
+| 522 | OVERSIZE_RECORD | Size of record exceeds the threshold of page of SchemaFile |
+| 523 | SCHEMA_FILE_REDO_LOG_BROKEN | SchemaFile redo log has broken |
+| 524 | TEMPLATE_NOT_ACTIVATED | Schema template is not activated |
+| 600 | SYSTEM_READ_ONLY | IoTDB system is read only |
+| 601 | STORAGE_ENGINE_ERROR | Storage engine related error |
+| 602 | STORAGE_ENGINE_NOT_READY | The storage engine is in recovery, not ready fore accepting read/write operation |
+| 603 | DATAREGION_PROCESS_ERROR | DataRegion related error |
+| 604 | TSFILE_PROCESSOR_ERROR | TsFile processor related error |
+| 605 | WRITE_PROCESS_ERROR | Writing data related error |
+| 606 | WRITE_PROCESS_REJECT | Writing data rejected error |
+| 607 | OUT_OF_TTL | Insertion time is less than TTL time bound |
+| 608 | COMPACTION_ERROR | Meet error while merging |
+| 609 | ALIGNED_TIMESERIES_ERROR | Meet error in aligned timeseries |
+| 610 | WAL_ERROR | WAL error |
+| 611 | DISK_SPACE_INSUFFICIENT | Disk space is insufficient |
+| 700 | SQL_PARSE_ERROR | Meet error while parsing SQL |
+| 701 | SEMANTIC_ERROR | SQL semantic error |
+| 702 | GENERATE_TIME_ZONE_ERROR | Meet error while generating time zone |
+| 703 | SET_TIME_ZONE_ERROR | Meet error while setting time zone |
+| 704 | QUERY_NOT_ALLOWED | Query statements are not allowed error |
+| 705 | LOGICAL_OPERATOR_ERROR | Logical operator related error |
+| 706 | LOGICAL_OPTIMIZE_ERROR | Logical optimize related error |
+| 707 | UNSUPPORTED_FILL_TYPE | Unsupported fill type related error |
+| 708 | QUERY_PROCESS_ERROR | Query process related error |
+| 709 | MPP_MEMORY_NOT_ENOUGH | Not enough memory for task execution in MPP |
+| 710 | CLOSE_OPERATION_ERROR | Meet error in close operation |
+| 711 | TSBLOCK_SERIALIZE_ERROR | TsBlock serialization error |
+| 712 | INTERNAL_REQUEST_TIME_OUT | MPP Operation timeout |
+| 713 | INTERNAL_REQUEST_RETRY_ERROR | Internal operation retry failed |
+| 800 | UNINITIALIZED_AUTH_ERROR | Failed to initialize auth module |
+| 801 | WRONG_LOGIN_PASSWORD | Username or password is wrong |
+| 802 | NOT_LOGIN | Not login |
+| 803 | NO_PERMISSION | No permisstion to operate |
+| 804 | USER_NOT_EXIST | User not exists |
+| 805 | USER_ALREADY_EXIST | User already exists |
+| 806 | USER_ALREADY_HAS_ROLE | User already has target role |
+| 807 | USER_NOT_HAS_ROLE | User not has target role |
+| 808 | ROLE_NOT_EXIST | Role not exists |
+| 809 | ROLE_ALREADY_EXIST | Role already exists |
+| 810 | ALREADY_HAS_PRIVILEGE | Already has privilege |
+| 811 | NOT_HAS_PRIVILEGE | Not has privilege |
+| 812 | CLEAR_PERMISSION_CACHE_ERROR | Failed to clear permission cache |
+| 813 | UNKNOWN_AUTH_PRIVILEGE | Unknown auth privilege |
+| 814 | UNSUPPORTED_AUTH_OPERATION | Unsupported auth operation |
+| 815 | AUTH_IO_EXCEPTION | IO Exception in auth module |
+| 900 | MIGRATE_REGION_ERROR | Error when migrate region |
+| 901 | CREATE_REGION_ERROR | Create region error |
+| 902 | DELETE_REGION_ERROR | Delete region error |
+| 903 | PARTITION_CACHE_UPDATE_ERROR | Update partition cache failed |
+| 904 | CONSENSUS_NOT_INITIALIZED | Consensus is not initialized and cannot provide service |
+| 905 | REGION_LEADER_CHANGE_ERROR | Region leader migration failed |
+| 906 | NO_AVAILABLE_REGION_GROUP | Cannot find an available region group |
+| 1000 | DATANODE_ALREADY_REGISTERED | DataNode already registered in cluster |
+| 1001 | NO_ENOUGH_DATANODE | The number of DataNode is not enough, cannot remove DataNode or create enough replication |
+| 1002 | ADD_CONFIGNODE_ERROR | Add ConfigNode error |
+| 1003 | REMOVE_CONFIGNODE_ERROR | Remove ConfigNode error |
+| 1004 | DATANODE_NOT_EXIST | DataNode not exist error |
+| 1005 | DATANODE_STOP_ERROR | DataNode stop error |
+| 1006 | REMOVE_DATANODE_ERROR | Remove datanode failed |
+| 1007 | REGISTER_DATANODE_WITH_WRONG_ID | The DataNode to be registered has incorrect register id |
+| 1008 | CAN_NOT_CONNECT_DATANODE | Can not connect to DataNode |
+| 1100 | LOAD_FILE_ERROR | Meet error while loading file |
+| 1101 | LOAD_PIECE_OF_TSFILE_ERROR | Error when load a piece of TsFile when loading |
+| 1102 | DESERIALIZE_PIECE_OF_TSFILE_ERROR | Error when deserialize a piece of TsFile |
+| 1103 | CREATE_PIPE_SINK_ERROR | Failed to create a PIPE sink |
+| 1104 | PIPE_ERROR | PIPE error |
+| 1105 | PIPESERVER_ERROR | PIPE server error |
+| 1106 | SYNC_CONNECTION_ERROR | Meet error while sync connecting |
+| 1107 | SYNC_FILE_REDIRECTION_ERROR | Sync TsFile redirection error |
+| 1108 | SYNC_FILE_ERROR | Sync TsFile error |
+| 1109 | VERIFY_METADATA_ERROR | Meet error in validate timeseries schema |
+| 1200 | UDF_LOAD_CLASS_ERROR | Error when loading UDF class |
+| 1201 | UDF_DOWNLOAD_ERROR | DataNode cannot download UDF from ConfigNode |
+| 1202 | CREATE_UDF_ON_DATANODE_ERROR | Error when create UDF on DataNode |
+| 1203 | DROP_UDF_ON_DATANODE_ERROR | Error when drop a UDF on DataNode |
+| 1300 | CREATE_TRIGGER_ERROR | ConfigNode create trigger error |
+| 1301 | DROP_TRIGGER_ERROR | ConfigNode delete Trigger error |
+| 1302 | TRIGGER_FIRE_ERROR | Error when firing trigger |
+| 1303 | TRIGGER_LOAD_CLASS_ERROR | Error when load class of trigger |
+| 1304 | TRIGGER_DOWNLOAD_ERROR | Error when download trigger from ConfigNode |
+| 1305 | CREATE_TRIGGER_INSTANCE_ERROR | Error when create trigger instance |
+| 1306 | ACTIVE_TRIGGER_INSTANCE_ERROR | Error when activate trigger instance |
+| 1307 | DROP_TRIGGER_INSTANCE_ERROR | Error when drop trigger instance |
+| 1308 | UPDATE_TRIGGER_LOCATION_ERROR | Error when move stateful trigger to new datanode |
+| 1400 | NO_SUCH_CQ | CQ task does not exist |
+| 1401 | CQ_ALREADY_ACTIVE | CQ is already active |
+| 1402 | CQ_AlREADY_EXIST | CQ is already exist |
+| 1403 | CQ_UPDATE_LAST_EXEC_TIME_ERROR | CQ update last execution time failed |
> All exceptions are refactored in the latest version by extracting uniform message into exception classes. Different error codes are added to all exceptions. When an exception is caught and a higher-level exception is thrown, the error code will keep and pass so that users will know the detailed error reason.
A base exception class "ProcessException" is also added to be extended by all exceptions.
diff --git a/docs/zh/UserGuide/Reference/Status-Codes.md b/docs/zh/UserGuide/Reference/Status-Codes.md
index b8ccebbd02..6387647bbc 100644
--- a/docs/zh/UserGuide/Reference/Status-Codes.md
+++ b/docs/zh/UserGuide/Reference/Status-Codes.md
@@ -43,122 +43,130 @@ try {
这里是状态码和相对应信息的列表:
-|状态码|状态类型|状态信息|
-|:--|:---|:---|
-|200|SUCCESS_STATUS|成功状态|
-|201|INCOMPATIBLE_VERSION|版本不兼容|
-|202|CONFIGURATION_ERROR|配置文件有错误项|
-|203|START_UP_ERROR|启动错误|
-|204|SHUT_DOWN_ERROR|关机错误|
-|300|UNSUPPORTED_OPERATION|不支持的操作|
-|301|EXECUTE_STATEMENT_ERROR|执行语句错误|
-|302|MULTIPLE_ERROR|多行语句执行错误|
-|303|ILLEGAL_PARAMETER|参数错误|
-|304|OVERLAP_WITH_EXISTING_TASK|与正在执行的其他操作冲突|
-|305|INTERNAL_SERVER_ERROR|服务器内部错误|
-|400|REDIRECTION_RECOMMEND|推荐客户端重定向|
-|500|DATABASE_NOT_EXIST|数据库不存在|
-|501|DATABASE_ALREADY_EXISTS|数据库已存在|
-|502|SERIES_OVERFLOW|序列数量超过阈值|
-|503|TIMESERIES_ALREADY_EXIST|时间序列已存在|
-|504|TIMESERIES_IN_BLACK_LIST|时间序列正在删除|
-|505|ALIAS_ALREADY_EXIST|路径别名已经存在|
-|506|PATH_ALREADY_EXIST|路径已经存在|
-|507|METADATA_ERROR|处理元数据错误|
-|508|PATH_NOT_EXIST|路径不存在|
-|509|ILLEGAL_PATH|路径不合法|
-|510|CREATE_TEMPLATE_ERROR|创建物理量模板失败|
-|511|DUPLICATED_TEMPLATE|元数据模板重复|
-|512|UNDEFINED_TEMPLATE|元数据模板未定义|
-|513|TEMPLATE_NOT_SET|元数据模板未设置|
-|514|DIFFERENT_TEMPLATE|元数据模板不一致|
-|515|TEMPLATE_IS_IN_USE|元数据模板正在使用|
-|516|TEMPLATE_INCOMPATIBLE|元数据模板不兼容|
-|517|SEGMENT_NOT_FOUND|未找到 Segment|
-|518|PAGE_OUT_OF_SPACE|SchemaFile 中 Page 空间不够|
-|519|RECORD_DUPLICATED|记录重复|
-|520|SEGMENT_OUT_OF_SPACE|SchemaFile 中 segment 空间不够|
-|521|SCHEMA_FILE_NOT_EXISTS|SchemaFile 不存在|
-|522|OVERSIZE_RECORD|记录大小超过元数据文件页面大小|
-|523|SCHEMA_FILE_REDO_LOG_BROKEN|SchemaFile 的 redo 日志损坏|
-|524|TEMPLATE_NOT_ACTIVATED|元数据模板未激活|
-|600|SYSTEM_READ_ONLY|IoTDB 系统只读|
-|601|STORAGE_ENGINE_ERROR|存储引擎相关错误|
-|602|STORAGE_ENGINE_NOT_READY|存储引擎还在恢复中,还不能接受读写操作|
-|603|DATAREGION_PROCESS_ERROR|DataRegion 相关错误|
-|604|TSFILE_PROCESSOR_ERROR|TsFile 处理器相关错误|
-|605|WRITE_PROCESS_ERROR|写入相关错误|
-|606|WRITE_PROCESS_REJECT|写入拒绝错误|
-|607|OUT_OF_TTL|插入时间少于 TTL 时间边界|
-|608|COMPACTION_ERROR|合并错误|
-|609|ALIGNED_TIMESERIES_ERROR|对齐时间序列错误|
-|610|WAL_ERROR|WAL 异常|
-|611|DISK_SPACE_INSUFFICIENT|磁盘空间不足|
-|700|SQL_PARSE_ERROR|SQL 语句分析错误|
-|701|SEMANTIC_ERROR|SQL 语义错误|
-|702|GENERATE_TIME_ZONE_ERROR|生成时区错误|
-|703|SET_TIME_ZONE_ERROR|设置时区错误|
-|704|QUERY_NOT_ALLOWED|查询语句不允许|
-|705|LOGICAL_OPERATOR_ERROR|逻辑符相关错误|
-|706|LOGICAL_OPTIMIZE_ERROR|逻辑优化相关错误|
-|707|UNSUPPORTED_FILL_TYPE|不支持的填充类型|
-|708|QUERY_PROCESS_ERROR|查询处理相关错误|
-|709|MPP_MEMORY_NOT_ENOUGH|MPP 框架中任务执行内存不足|
-|710|CLOSE_OPERATION_ERROR|关闭操作错误|
-|711|TSBLOCK_SERIALIZE_ERROR|TsBlock 序列化错误|
-|712|INTERNAL_REQUEST_TIME_OUT|MPP 操作超时|
-|713|INTERNAL_REQUEST_RETRY_ERROR|内部操作重试失败|
-|800|AUTHENTICATION_ERROR|权限认证失败|
-|801|WRONG_LOGIN_PASSWORD|用户名或密码错误|
-|802|NOT_LOGIN|没有登录|
-|803|NO_PERMISSION|没有操作权限|
-|804|UNINITIALIZED_AUTH_ERROR|授权人未初始化|
-|805|USER_NOT_EXIST|用户不存在|
-|806|ROLE_NOT_EXIST|角色不存在|
-|807|CLEAR_PERMISSION_CACHE_ERROR|清空权限缓存失败|
-|900|MIGRATE_REGION_ERROR|Region 迁移失败|
-|901|CREATE_REGION_ERROR|创建 region 失败|
-|902|DELETE_REGION_ERROR|删除 region 失败|
-|903|PARTITION_CACHE_UPDATE_ERROR|更新分区缓存失败|
-|904|CONSENSUS_NOT_INITIALIZED|共识层未初始化,不能提供服务|
-|905|REGION_LEADER_CHANGE_ERROR|Region leader 迁移失败|
-|906|NO_AVAILABLE_REGION_GROUP|无法找到可用的 Region 副本组|
-|1000|DATANODE_ALREADY_REGISTERED|DataNode 在集群中已经注册|
-|1001|NO_ENOUGH_DATANODE|DataNode 数量不足,无法移除节点或创建副本|
-|1002|ADD_CONFIGNODE_ERROR|新增 ConfigNode 失败|
-|1003|REMOVE_CONFIGNODE_ERROR|移除 ConfigNode 失败|
-|1004|DATANODE_NOT_EXIST|此 DataNode 不存在|
-|1005|DATANODE_STOP_ERROR|DataNode 关闭失败|
-|1006|REMOVE_DATANODE_ERROR|移除 datanode 失败|
-|1007|REGISTER_DATANODE_WITH_WRONG_ID|注册的 DataNode 中有错误的注册id|
-|1008|CAN_NOT_CONNECT_DATANODE|连接 DataNode 失败|
-|1100|LOAD_FILE_ERROR|加载文件错误|
-|1101|LOAD_PIECE_OF_TSFILE_ERROR|加载 TsFile 片段异常|
-|1102|DESERIALIZE_PIECE_OF_TSFILE_ERROR|反序列化 TsFile 片段异常|
-|1103|SYNC_CONNECTION_ERROR|回传连接错误|
-|1104|SYNC_FILE_REDIRECTION_ERROR|同步文件时重定向异常|
-|1105|SYNC_FILE_ERROR|同步文件异常|
-|1106|CREATE_PIPE_SINK_ERROR|创建 PIPE Sink 失败|
-|1107|PIPE_ERROR|PIPE 异常|
-|1108|PIPESERVER_ERROR|PIPE server 异常|
-|1109|VERIFY_METADATA_ERROR|校验元数据失败|
-|1200|UDF_LOAD_CLASS_ERROR|UDF 加载类异常|
-|1201|UDF_DOWNLOAD_ERROR|无法从 ConfigNode 下载 UDF|
-|1202|CREATE_UDF_ON_DATANODE_ERROR|在 DataNode 创建 UDF 失败|
-|1203|DROP_UDF_ON_DATANODE_ERROR|在 DataNode 卸载 UDF 失败|
-|1300|CREATE_TRIGGER_ERROR|ConfigNode 创建 Trigger 失败|
-|1301|DROP_TRIGGER_ERROR|ConfigNode 删除 Trigger 失败|
-|1302|TRIGGER_FIRE_ERROR|触发器执行错误|
-|1303|TRIGGER_LOAD_CLASS_ERROR|触发器加载类异常|
-|1304|TRIGGER_DOWNLOAD_ERROR|从 ConfigNode 下载触发器异常|
-|1305|CREATE_TRIGGER_INSTANCE_ERROR|创建触发器实例异常|
-|1306|ACTIVE_TRIGGER_INSTANCE_ERROR|激活触发器实例异常|
-|1307|DROP_TRIGGER_INSTANCE_ERROR|删除触发器实例异常|
-|1308|UPDATE_TRIGGER_LOCATION_ERROR|更新有状态的触发器所在 DataNode 异常|
-|1400|NO_SUCH_CQ|CQ 任务不存在|
-|1401|CQ_ALREADY_ACTIVE|CQ 任务已激活|
-|1402|CQ_AlREADY_EXIST|CQ 任务已存在|
-|1403|CQ_UPDATE_LAST_EXEC_TIME_ERROR|CQ 更新上一次执行时间失败|
+| 状态码 | 状态类型 | 状态信息 |
+| :----- | :-------------------------------- | :---------------------------------------- |
+| 200 | SUCCESS_STATUS | 成功状态 |
+| 201 | INCOMPATIBLE_VERSION | 版本不兼容 |
+| 202 | CONFIGURATION_ERROR | 配置文件有错误项 |
+| 203 | START_UP_ERROR | 启动错误 |
+| 204 | SHUT_DOWN_ERROR | 关机错误 |
+| 300 | UNSUPPORTED_OPERATION | 不支持的操作 |
+| 301 | EXECUTE_STATEMENT_ERROR | 执行语句错误 |
+| 302 | MULTIPLE_ERROR | 多行语句执行错误 |
+| 303 | ILLEGAL_PARAMETER | 参数错误 |
+| 304 | OVERLAP_WITH_EXISTING_TASK | 与正在执行的其他操作冲突 |
+| 305 | INTERNAL_SERVER_ERROR | 服务器内部错误 |
+| 400 | REDIRECTION_RECOMMEND | 推荐客户端重定向 |
+| 500 | DATABASE_NOT_EXIST | 数据库不存在 |
+| 501 | DATABASE_ALREADY_EXISTS | 数据库已存在 |
+| 502 | SERIES_OVERFLOW | 序列数量超过阈值 |
+| 503 | TIMESERIES_ALREADY_EXIST | 时间序列已存在 |
+| 504 | TIMESERIES_IN_BLACK_LIST | 时间序列正在删除 |
+| 505 | ALIAS_ALREADY_EXIST | 路径别名已经存在 |
+| 506 | PATH_ALREADY_EXIST | 路径已经存在 |
+| 507 | METADATA_ERROR | 处理元数据错误 |
+| 508 | PATH_NOT_EXIST | 路径不存在 |
+| 509 | ILLEGAL_PATH | 路径不合法 |
+| 510 | CREATE_TEMPLATE_ERROR | 创建物理量模板失败 |
+| 511 | DUPLICATED_TEMPLATE | 元数据模板重复 |
+| 512 | UNDEFINED_TEMPLATE | 元数据模板未定义 |
+| 513 | TEMPLATE_NOT_SET | 元数据模板未设置 |
+| 514 | DIFFERENT_TEMPLATE | 元数据模板不一致 |
+| 515 | TEMPLATE_IS_IN_USE | 元数据模板正在使用 |
+| 516 | TEMPLATE_INCOMPATIBLE | 元数据模板不兼容 |
+| 517 | SEGMENT_NOT_FOUND | 未找到 Segment |
+| 518 | PAGE_OUT_OF_SPACE | SchemaFile 中 Page 空间不够 |
+| 519 | RECORD_DUPLICATED | 记录重复 |
+| 520 | SEGMENT_OUT_OF_SPACE | SchemaFile 中 segment 空间不够 |
+| 521 | SCHEMA_FILE_NOT_EXISTS | SchemaFile 不存在 |
+| 522 | OVERSIZE_RECORD | 记录大小超过元数据文件页面大小 |
+| 523 | SCHEMA_FILE_REDO_LOG_BROKEN | SchemaFile 的 redo 日志损坏 |
+| 524 | TEMPLATE_NOT_ACTIVATED | 元数据模板未激活 |
+| 600 | SYSTEM_READ_ONLY | IoTDB 系统只读 |
+| 601 | STORAGE_ENGINE_ERROR | 存储引擎相关错误 |
+| 602 | STORAGE_ENGINE_NOT_READY | 存储引擎还在恢复中,还不能接受读写操作 |
+| 603 | DATAREGION_PROCESS_ERROR | DataRegion 相关错误 |
+| 604 | TSFILE_PROCESSOR_ERROR | TsFile 处理器相关错误 |
+| 605 | WRITE_PROCESS_ERROR | 写入相关错误 |
+| 606 | WRITE_PROCESS_REJECT | 写入拒绝错误 |
+| 607 | OUT_OF_TTL | 插入时间少于 TTL 时间边界 |
+| 608 | COMPACTION_ERROR | 合并错误 |
+| 609 | ALIGNED_TIMESERIES_ERROR | 对齐时间序列错误 |
+| 610 | WAL_ERROR | WAL 异常 |
+| 611 | DISK_SPACE_INSUFFICIENT | 磁盘空间不足 |
+| 700 | SQL_PARSE_ERROR | SQL 语句分析错误 |
+| 701 | SEMANTIC_ERROR | SQL 语义错误 |
+| 702 | GENERATE_TIME_ZONE_ERROR | 生成时区错误 |
+| 703 | SET_TIME_ZONE_ERROR | 设置时区错误 |
+| 704 | QUERY_NOT_ALLOWED | 查询语句不允许 |
+| 705 | LOGICAL_OPERATOR_ERROR | 逻辑符相关错误 |
+| 706 | LOGICAL_OPTIMIZE_ERROR | 逻辑优化相关错误 |
+| 707 | UNSUPPORTED_FILL_TYPE | 不支持的填充类型 |
+| 708 | QUERY_PROCESS_ERROR | 查询处理相关错误 |
+| 709 | MPP_MEMORY_NOT_ENOUGH | MPP 框架中任务执行内存不足 |
+| 710 | CLOSE_OPERATION_ERROR | 关闭操作错误 |
+| 711 | TSBLOCK_SERIALIZE_ERROR | TsBlock 序列化错误 |
+| 712 | INTERNAL_REQUEST_TIME_OUT | MPP 操作超时 |
+| 713 | INTERNAL_REQUEST_RETRY_ERROR | 内部操作重试失败 |
+| 800 | UNINITIALIZED_AUTH_ERROR | 授权模块未初始化 |
+| 801 | WRONG_LOGIN_PASSWORD | 用户名或密码错误 |
+| 802 | NOT_LOGIN | 没有登录 |
+| 803 | NO_PERMISSION | 没有操作权限 |
+| 804 | USER_NOT_EXIST | 用户不存在 |
+| 805 | USER_ALREADY_EXIST | 用户已存在 |
+| 806 | USER_ALREADY_HAS_ROLE | 用户拥有对应角色 |
+| 807 | USER_NOT_HAS_ROLE | 用户未拥有对应角色 |
+| 808 | ROLE_NOT_EXIST | 角色不存在 |
+| 809 | ROLE_ALREADY_EXIST | 角色已存在 |
+| 810 | ALREADY_HAS_PRIVILEGE | 已拥有对应权限 |
+| 811 | NOT_HAS_PRIVILEGE | 未拥有对应权限 |
+| 812 | CLEAR_PERMISSION_CACHE_ERROR | 清空权限缓存失败 |
+| 813 | UNKNOWN_AUTH_PRIVILEGE | 未知权限 |
+| 814 | UNSUPPORTED_AUTH_OPERATION | 不支持的权限操作 |
+| 815 | AUTH_IO_EXCEPTION | 权限模块IO异常 |
+| 900 | MIGRATE_REGION_ERROR | Region 迁移失败 |
+| 901 | CREATE_REGION_ERROR | 创建 region 失败 |
+| 902 | DELETE_REGION_ERROR | 删除 region 失败 |
+| 903 | PARTITION_CACHE_UPDATE_ERROR | 更新分区缓存失败 |
+| 904 | CONSENSUS_NOT_INITIALIZED | 共识层未初始化,不能提供服务 |
+| 905 | REGION_LEADER_CHANGE_ERROR | Region leader 迁移失败 |
+| 906 | NO_AVAILABLE_REGION_GROUP | 无法找到可用的 Region 副本组 |
+| 1000 | DATANODE_ALREADY_REGISTERED | DataNode 在集群中已经注册 |
+| 1001 | NO_ENOUGH_DATANODE | DataNode 数量不足,无法移除节点或创建副本 |
+| 1002 | ADD_CONFIGNODE_ERROR | 新增 ConfigNode 失败 |
+| 1003 | REMOVE_CONFIGNODE_ERROR | 移除 ConfigNode 失败 |
+| 1004 | DATANODE_NOT_EXIST | 此 DataNode 不存在 |
+| 1005 | DATANODE_STOP_ERROR | DataNode 关闭失败 |
+| 1006 | REMOVE_DATANODE_ERROR | 移除 datanode 失败 |
+| 1007 | REGISTER_DATANODE_WITH_WRONG_ID | 注册的 DataNode 中有错误的注册id |
+| 1008 | CAN_NOT_CONNECT_DATANODE | 连接 DataNode 失败 |
+| 1100 | LOAD_FILE_ERROR | 加载文件错误 |
+| 1101 | LOAD_PIECE_OF_TSFILE_ERROR | 加载 TsFile 片段异常 |
+| 1102 | DESERIALIZE_PIECE_OF_TSFILE_ERROR | 反序列化 TsFile 片段异常 |
+| 1103 | SYNC_CONNECTION_ERROR | 回传连接错误 |
+| 1104 | SYNC_FILE_REDIRECTION_ERROR | 同步文件时重定向异常 |
+| 1105 | SYNC_FILE_ERROR | 同步文件异常 |
+| 1106 | CREATE_PIPE_SINK_ERROR | 创建 PIPE Sink 失败 |
+| 1107 | PIPE_ERROR | PIPE 异常 |
+| 1108 | PIPESERVER_ERROR | PIPE server 异常 |
+| 1109 | VERIFY_METADATA_ERROR | 校验元数据失败 |
+| 1200 | UDF_LOAD_CLASS_ERROR | UDF 加载类异常 |
+| 1201 | UDF_DOWNLOAD_ERROR | 无法从 ConfigNode 下载 UDF |
+| 1202 | CREATE_UDF_ON_DATANODE_ERROR | 在 DataNode 创建 UDF 失败 |
+| 1203 | DROP_UDF_ON_DATANODE_ERROR | 在 DataNode 卸载 UDF 失败 |
+| 1300 | CREATE_TRIGGER_ERROR | ConfigNode 创建 Trigger 失败 |
+| 1301 | DROP_TRIGGER_ERROR | ConfigNode 删除 Trigger 失败 |
+| 1302 | TRIGGER_FIRE_ERROR | 触发器执行错误 |
+| 1303 | TRIGGER_LOAD_CLASS_ERROR | 触发器加载类异常 |
+| 1304 | TRIGGER_DOWNLOAD_ERROR | 从 ConfigNode 下载触发器异常 |
+| 1305 | CREATE_TRIGGER_INSTANCE_ERROR | 创建触发器实例异常 |
+| 1306 | ACTIVE_TRIGGER_INSTANCE_ERROR | 激活触发器实例异常 |
+| 1307 | DROP_TRIGGER_INSTANCE_ERROR | 删除触发器实例异常 |
+| 1308 | UPDATE_TRIGGER_LOCATION_ERROR | 更新有状态的触发器所在 DataNode 异常 |
+| 1400 | NO_SUCH_CQ | CQ 任务不存在 |
+| 1401 | CQ_ALREADY_ACTIVE | CQ 任务已激活 |
+| 1402 | CQ_AlREADY_EXIST | CQ 任务已存在 |
+| 1403 | CQ_UPDATE_LAST_EXEC_TIME_ERROR | CQ 更新上一次执行时间失败 |
> 在最新版本中,我们重构了 IoTDB 的异常类。通过将错误信息统一提取到异常类中,并为所有异常添加不同的错误代码,从而当捕获到异常并引发更高级别的异常时,错误代码将保留并传递,以便用户了解详细的错误原因。
除此之外,我们添加了一个基础异常类“ProcessException”,由所有异常扩展。
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/AuthException.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/AuthException.java
index 9eeb221a2d..f745c966ee 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/AuthException.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/AuthException.java
@@ -19,20 +19,30 @@
package org.apache.iotdb.commons.auth;
+import org.apache.iotdb.rpc.TSStatusCode;
+
/** The exception for authority model. */
public class AuthException extends Exception {
private static final long serialVersionUID = 5091102941209301301L;
+ private final TSStatusCode code;
- public AuthException(String message) {
+ public AuthException(TSStatusCode code, String message) {
super(message);
+ this.code = code;
}
- public AuthException(String message, Throwable cause) {
+ public AuthException(TSStatusCode code, String message, Throwable cause) {
super(message, cause);
+ this.code = code;
}
- public AuthException(Throwable cause) {
+ public AuthException(TSStatusCode code, Throwable cause) {
super(cause);
+ this.code = code;
+ }
+
+ public TSStatusCode getCode() {
+ return code;
}
}
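Review bot: All three constructors store `code` unchecked, so an `AuthException` built with a null code is only noticed later, when some caller dereferences `getCode()`. Consider `this.code = Objects.requireNonNull(code, "code");` in each constructor, together with a `java.util.Objects` import. A one-line Javadoc on `getCode()`, such as `/** Returns the status code describing why the auth operation failed; never null. */`, would document the contract for callers that map it to a response status.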
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
index ad67bde66f..e152a82806 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/BasicAuthorizer.java
@@ -29,6 +29,7 @@ import org.apache.iotdb.commons.exception.StartupException;
import org.apache.iotdb.commons.service.IService;
import org.apache.iotdb.commons.service.ServiceType;
import org.apache.iotdb.commons.utils.AuthUtils;
+import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.thrift.TException;
import org.slf4j.Logger;
@@ -72,16 +73,20 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
logger.info("Initialization of Authorizer completes");
}
- /** function for getting the instance of the local file authorizer. */
+ /**
+ * Function for getting the instance of the local file authorizer.
+ *
+ * @exception AuthException Failed to initialize authorizer
+ */
public static IAuthorizer getInstance() throws AuthException {
if (InstanceHolder.instance == null) {
- throw new AuthException("Authorizer uninitialized");
+ throw new AuthException(TSStatusCode.INIT_AUTH_ERROR, "Authorizer uninitialized");
}
return InstanceHolder.instance;
}
private static class InstanceHolder {
- private static IAuthorizer instance;
+ private static final IAuthorizer instance;
static {
Class<BasicAuthorizer> c;
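Review bot: As far as the visible lines show, the `InstanceHolder.instance == null` check in `getInstance()` can no longer be true, because `instance` is now `final` and the static initializer either assigns it or throws. When initialization fails, the `IllegalStateException` from the static block (continued in the next hunk) reaches the first caller as `ExceptionInInitializerError` and later callers as `NoClassDefFoundError`. The new `TSStatusCode.INIT_AUTH_ERROR` branch and the documented `@exception AuthException` are therefore never taken. Either translate the linkage error in `getInstance()` into `AuthException(TSStatusCode.INIT_AUTH_ERROR, ...)`, or remove the dead check and correct the Javadoc.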
@@ -94,7 +99,6 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
CommonDescriptor.getInstance().getConfig().getAuthorizerProvider());
instance = c.getDeclaredConstructor().newInstance();
} catch (Exception e) {
- instance = null;
// startup failed.
throw new IllegalStateException("Authorizer could not be initialized!", e);
}
@@ -115,17 +119,20 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
@Override
public void createUser(String username, String password) throws AuthException {
if (!userManager.createUser(username, password)) {
- throw new AuthException(String.format("User %s already exists", username));
+ throw new AuthException(
+ TSStatusCode.USER_ALREADY_EXIST, String.format("User %s already exists", username));
}
}
@Override
public void deleteUser(String username) throws AuthException {
if (isAdmin(username)) {
- throw new AuthException("Default administrator cannot be deleted");
+ throw new AuthException(
+ TSStatusCode.NO_PERMISSION, "Default administrator cannot be deleted");
}
if (!userManager.deleteUser(username)) {
- throw new AuthException(String.format("User %s does not exist", username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format("User %s does not exist", username));
}
}
@@ -134,13 +141,16 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
throws AuthException {
String newPath = path;
if (isAdmin(username)) {
- throw new AuthException("Invalid operation, administrator already has all privileges");
+ throw new AuthException(
+ TSStatusCode.NO_PERMISSION,
+ "Invalid operation, administrator already has all privileges");
}
if (!PrivilegeType.isPathRelevant(privilegeId)) {
newPath = AuthUtils.ROOT_PATH_PRIVILEGE;
}
if (!userManager.grantPrivilegeToUser(username, newPath, privilegeId)) {
throw new AuthException(
+ TSStatusCode.ALREADY_HAS_PRIVILEGE,
String.format(
"User %s already has %s on %s", username, PrivilegeType.values()[privilegeId], path));
}
@@ -150,7 +160,8 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
public void revokePrivilegeFromUser(String username, String path, int privilegeId)
throws AuthException {
if (isAdmin(username)) {
- throw new AuthException("Invalid operation, administrator must have all privileges");
+ throw new AuthException(
+ TSStatusCode.NO_PERMISSION, "Invalid operation, administrator must have all privileges");
}
String p = path;
if (!PrivilegeType.isPathRelevant(privilegeId)) {
@@ -158,6 +169,7 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
}
if (!userManager.revokePrivilegeFromUser(username, p, privilegeId)) {
throw new AuthException(
+ TSStatusCode.NOT_HAS_PRIVILEGE,
String.format(
"User %s does not have %s on %s",
username, PrivilegeType.values()[privilegeId], path));
@@ -168,7 +180,8 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
public void createRole(String roleName) throws AuthException {
if (!roleManager.createRole(roleName)) {
logger.error("Role {} already exists", roleName);
- throw new AuthException(String.format("Role %s already exists", roleName));
+ throw new AuthException(
+ TSStatusCode.ROLE_ALREADY_EXIST, String.format("Role %s already exists", roleName));
}
}
@@ -176,7 +189,8 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
public void deleteRole(String roleName) throws AuthException {
boolean success = roleManager.deleteRole(roleName);
if (!success) {
- throw new AuthException(String.format("Role %s does not exist", roleName));
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, String.format("Role %s does not exist", roleName));
} else {
// proceed to revoke the role in all users
List<String> users = userManager.listAllUsers();
@@ -203,6 +217,7 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
}
if (!roleManager.grantPrivilegeToRole(roleName, p, privilegeId)) {
throw new AuthException(
+ TSStatusCode.ALREADY_HAS_PRIVILEGE,
String.format(
"Role %s already has %s on %s", roleName, PrivilegeType.values()[privilegeId], path));
}
@@ -217,6 +232,7 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
}
if (!roleManager.revokePrivilegeFromRole(roleName, p, privilegeId)) {
throw new AuthException(
+ TSStatusCode.NOT_HAS_PRIVILEGE,
String.format(
"Role %s does not have %s on %s",
roleName, PrivilegeType.values()[privilegeId], path));
@@ -227,17 +243,21 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
public void grantRoleToUser(String roleName, String username) throws AuthException {
Role role = roleManager.getRole(roleName);
if (role == null) {
- throw new AuthException(String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
}
// the role may be deleted before it ts granted to the user, so a double check is necessary.
boolean success = userManager.grantRoleToUser(roleName, username);
if (success) {
role = roleManager.getRole(roleName);
if (role == null) {
- throw new AuthException(String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
}
} else {
- throw new AuthException(String.format("User %s already has role %s", username, roleName));
+ throw new AuthException(
+ TSStatusCode.USER_ALREADY_HAS_ROLE,
+ String.format("User %s already has role %s", username, roleName));
}
}
@@ -245,10 +265,13 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
public void revokeRoleFromUser(String roleName, String username) throws AuthException {
Role role = roleManager.getRole(roleName);
if (role == null) {
- throw new AuthException(String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, String.format(NO_SUCH_ROLE_EXCEPTION, roleName));
}
if (!userManager.revokeRoleFromUser(roleName, username)) {
- throw new AuthException(String.format("User %s does not have role %s", username, roleName));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_HAS_ROLE,
+ String.format("User %s does not have role %s", username, roleName));
}
}
@@ -259,7 +282,8 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
}
User user = userManager.getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_EXCEPTION, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_EXCEPTION, username));
}
// get privileges of the user
Set<Integer> privileges = user.getPrivileges(path);
@@ -276,7 +300,8 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
@Override
public void updateUserPassword(String username, String newPassword) throws AuthException {
if (!userManager.updateUserPassword(username, newPassword)) {
- throw new AuthException("password " + newPassword + " is illegal");
+ throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER, "password " + newPassword + " is illegal");
}
}
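Review bot: The message on the changed line in `updateUserPassword` still embeds the plaintext `newPassword`, so a rejected password is copied into every log line, stack trace or response that carries the `AuthException` text. Drop the value from the message: `throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "The new password is illegal");`. The status code already tells the caller which parameter class failed, so nothing is lost by omitting the value.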
@@ -288,7 +313,8 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
}
User user = userManager.getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_EXCEPTION, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_EXCEPTION, username));
}
// get privileges of the user
if (user.checkPrivilege(path, privilegeId)) {
@@ -361,7 +387,9 @@ public abstract class BasicAuthorizer implements IAuthorizer, IService {
}
@Override
- public void stop() {}
+ public void stop() {
+ // Nothing to do
+ }
@Override
public ServiceType getID() {
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
index a42c016218..b1fd48e9b6 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/OpenIdAuthorizer.java
@@ -23,6 +23,7 @@ import org.apache.iotdb.commons.auth.role.LocalFileRoleManager;
import org.apache.iotdb.commons.auth.user.LocalFileUserManager;
import org.apache.iotdb.commons.conf.CommonConfig;
import org.apache.iotdb.commons.conf.CommonDescriptor;
+import org.apache.iotdb.rpc.TSStatusCode;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.RSAKey;
@@ -74,17 +75,18 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
try {
providerKey = RSAKey.parse(jwk).toRSAPublicKey();
} catch (java.text.ParseException | JOSEException e) {
- throw new AuthException("Unable to get OIDC Provider Key from JWK " + jwk, e);
+ throw new AuthException(
+ TSStatusCode.INIT_AUTH_ERROR, "Unable to get OIDC Provider Key from JWK " + jwk, e);
}
logger.info("Initialized with providerKey: {}", providerKey);
}
public OpenIdAuthorizer(String providerUrl)
throws AuthException, URISyntaxException, ParseException, IOException {
- this(getJWKFromProvider(providerUrl));
+ this(getJwkFromProvider(providerUrl));
}
- private static JSONObject getJWKFromProvider(String providerUrl)
+ private static JSONObject getJwkFromProvider(String providerUrl)
throws URISyntaxException, IOException, ParseException, AuthException {
if (providerUrl == null) {
throw new IllegalArgumentException("OpenID Connect Provider URI must be given!");
@@ -98,13 +100,13 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
try {
URL url = new URI(providerMetadata.getJWKSetURI().toString()).toURL();
logger.debug("Using url {}", url);
- return getProviderRSAJWK(url.openStream());
+ return getProviderRsaJwk(url.openStream());
} catch (IOException e) {
- throw new AuthException("Unable to start the Auth", e);
+ throw new AuthException(TSStatusCode.INIT_AUTH_ERROR, "Unable to start the Auth", e);
}
}
- private static JSONObject getProviderRSAJWK(InputStream is) throws ParseException {
+ private static JSONObject getProviderRsaJwk(InputStream is) throws ParseException {
// Read all data from stream
StringBuilder sb = new StringBuilder();
try (Scanner scanner = new Scanner(is)) {
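Review bot: `getJwkFromProvider` opens the JWKS location with `url.openStream()` without checking the scheme or setting timeouts, yet the key read from it becomes `providerKey`, presumably the trust anchor for later token validation. A provider metadata document that advertises a plain-http JWKS URI would be accepted as is. Consider rejecting it before opening the stream, for example `if (!"https".equalsIgnoreCase(url.getProtocol())) { throw new AuthException(TSStatusCode.INIT_AUTH_ERROR, "JWKS URI must use https"); }`, and opening the connection with explicit connect and read timeouts so that startup cannot hang on an unresponsive provider. `fetchMetadata` in the next hunk opens the provider configuration URL the same way. Both method bodies continue outside their hunks.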
@@ -128,11 +130,11 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
return null;
}
- static OIDCProviderMetadata fetchMetadata(String providerUrl)
+ private static OIDCProviderMetadata fetchMetadata(String providerUrl)
throws URISyntaxException, IOException, ParseException {
- URI issuerURI = new URI(providerUrl);
- URL providerConfigurationURL = issuerURI.resolve(".well-known/openid-configuration").toURL();
- InputStream stream = providerConfigurationURL.openStream();
+ URI issuerUri = new URI(providerUrl);
+ URL providerConfigurationUrl = issuerUri.resolve(".well-known/openid-configuration").toURL();
+ InputStream stream = providerConfigurationUrl.openStream();
// Read all data from URL
String providerInfo;
try (java.util.Scanner s = new java.util.Scanner(stream)) {
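Review bot: `issuerUri.resolve(".well-known/openid-configuration")` in `fetchMetadata` uses RFC 3986 relative resolution, so a `providerUrl` with a path and no trailing slash has its last segment replaced rather than extended. In a constructed example, `https://idp.example/realms/demo` resolves to `https://idp.example/realms/.well-known/openid-configuration`, and the metadata is then fetched from a location the operator did not configure. Normalise the issuer first: `URI issuerUri = new URI(providerUrl.endsWith("/") ? providerUrl : providerUrl + "/");`. The rest of the method is outside this hunk.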
@@ -180,7 +182,6 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
}
public String getIoTDBUserName(String token) {
-
Claims claims = validateToken(token);
logger.debug("JWT was validated successfully!");
logger.debug("ID: {}", claims.getId());
@@ -223,8 +224,7 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
/**
* So not with the token!
*
- * @param token Usually the JWT but could also be just the name of the user ({@link
- * #getUsername(String)}.
+ * @param token Usually the JWT but could also be just the name of the user.
* @return true if the user is an admin
*/
@Override
@@ -234,7 +234,7 @@ public class OpenIdAuthorizer extends BasicAuthorizer {
// This is a username!
claims = this.loggedClaims.get(token);
} else {
- // Its a token
+ // It's a token
try {
claims = validateToken(token);
} catch (JwtException e) {
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PathPrivilege.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PathPrivilege.java
index 08e566b573..70d138005a 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PathPrivilege.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/entity/PathPrivilege.java
@@ -52,7 +52,9 @@ public class PathPrivilege {
public static final Comparator<PathPrivilege> REFERENCE_DESCENT_SORTER =
(o1, o2) -> -Integer.compare(o1.referenceCnt.get(), o2.referenceCnt.get());
- public PathPrivilege() {}
+ public PathPrivilege() {
+ // Empty constructor
+ }
public PathPrivilege(String path) {
this.path = path;
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/BasicRoleManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/BasicRoleManager.java
index 9dcc646a98..7b0c6f9832 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/BasicRoleManager.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/BasicRoleManager.java
@@ -22,6 +22,7 @@ import org.apache.iotdb.commons.auth.AuthException;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.concurrent.HashLock;
import org.apache.iotdb.commons.utils.AuthUtils;
+import org.apache.iotdb.rpc.TSStatusCode;
import java.io.IOException;
import java.util.HashMap;
@@ -59,7 +60,7 @@ public abstract class BasicRoleManager implements IRoleManager {
}
}
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
} finally {
lock.readUnlock(rolename);
}
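Review bot: `new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e)` goes through `super(cause)`, so the exception message becomes `e.toString()`, the raw `IOException` text, which for a file-backed accessor may contain local file paths. Whether this message is returned to clients with the status code is not visible here. If it is, prefer a fixed message and keep the cause for the server log: `throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, "Failed to access role storage", e);`. The same applies to the other `AUTH_IO_EXCEPTION` throws in this file and to those in `BasicUserManager`.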
@@ -81,7 +82,7 @@ public abstract class BasicRoleManager implements IRoleManager {
roleMap.put(rolename, role);
return true;
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
} finally {
lock.writeUnlock(rolename);
}
@@ -98,7 +99,7 @@ public abstract class BasicRoleManager implements IRoleManager {
return false;
}
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
} finally {
lock.writeUnlock(rolename);
}
@@ -112,7 +113,8 @@ public abstract class BasicRoleManager implements IRoleManager {
try {
Role role = getRole(rolename);
if (role == null) {
- throw new AuthException(String.format("No such role %s", rolename));
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, String.format("No such role %s", rolename));
}
if (role.hasPrivilege(path, privilegeId)) {
return false;
@@ -123,7 +125,7 @@ public abstract class BasicRoleManager implements IRoleManager {
accessor.saveRole(role);
} catch (IOException e) {
role.setPrivileges(path, privilegesCopy);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -139,7 +141,8 @@ public abstract class BasicRoleManager implements IRoleManager {
try {
Role role = getRole(rolename);
if (role == null) {
- throw new AuthException(String.format("No such role %s", rolename));
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, String.format("No such role %s", rolename));
}
if (!role.hasPrivilege(path, privilegeId)) {
return false;
@@ -149,7 +152,7 @@ public abstract class BasicRoleManager implements IRoleManager {
accessor.saveRole(role);
} catch (IOException e) {
role.addPrivilege(path, privilegeId);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -181,7 +184,7 @@ public abstract class BasicRoleManager implements IRoleManager {
try {
accessor.saveRole(role);
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
}
}
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
index 426b9b772f..98a5fcaf78 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
@@ -34,9 +34,9 @@ import java.io.BufferedOutputStream;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
+import java.nio.file.Files;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
@@ -58,15 +58,15 @@ public class LocalFileRoleAccessor implements IRoleAccessor {
private static final String STRING_ENCODING = "utf-8";
private static final String roleSnapshotFileName = "system" + File.separator + "roles";
- private String roleDirPath;
+ private final String roleDirPath;
/**
* Reused buffer for primitive types encoding/decoding, which aim to reduce memory fragments. Use
* ThreadLocal for thread safety.
*/
- private ThreadLocal<ByteBuffer> encodingBufferLocal = new ThreadLocal<>();
+ private final ThreadLocal<ByteBuffer> encodingBufferLocal = new ThreadLocal<>();
- private ThreadLocal<byte[]> strBufferLocal = new ThreadLocal<>();
+ private final ThreadLocal<byte[]> strBufferLocal = new ThreadLocal<>();
public LocalFileRoleAccessor(String roleDirPath) {
this.roleDirPath = roleDirPath;
@@ -120,10 +120,12 @@ public class LocalFileRoleAccessor implements IRoleAccessor {
+ TEMP_SUFFIX);
File roleDir = new File(roleDirPath);
if (!roleDir.exists()) {
- roleDir.mkdirs();
+ if (!roleDir.mkdirs()) {
+ logger.error("Failed to create role dir {}", roleDirPath);
+ }
}
try (BufferedOutputStream outputStream =
- new BufferedOutputStream(new FileOutputStream(roleProfile))) {
+ new BufferedOutputStream(Files.newOutputStream(roleProfile.toPath()))) {
try {
IOUtils.writeString(outputStream, role.getName(), STRING_ENCODING, encodingBufferLocal);
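Review bot: When `roleDir.mkdirs()` fails, the new code only logs and continues to `Files.newOutputStream`, which then fails with a less specific error. `mkdirs()` also returns false if the directory was created by someone else between the `exists()` check and the call, which would log a spurious error. `Files.createDirectories(roleDir.toPath());` covers both cases: it does nothing for an existing directory and throws an `IOException` on a real failure, assuming the enclosing method already propagates `IOException` as the stream construction suggests. The method starts and ends outside this hunk.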
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
index 00501f2563..937eec62b9 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
@@ -23,6 +23,7 @@ import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.concurrent.HashLock;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.utils.AuthUtils;
+import org.apache.iotdb.rpc.TSStatusCode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -63,13 +64,17 @@ public abstract class BasicUserManager implements IUserManager {
reset();
}
- /** Try to load admin. If it doesn't exist, automatically create one. */
+ /**
+ * Try to load admin. If it doesn't exist, automatically create one
+ *
+ * @throws AuthException if an exception is raised when interacting with the lower storage.
+ */
private void initAdmin() throws AuthException {
User admin;
try {
admin = getUser(CommonDescriptor.getInstance().getConfig().getAdminName());
} catch (AuthException e) {
- logger.warn("Cannot load admin, Creating a new one.", e);
+ logger.warn("Cannot load admin, Creating a new one", e);
admin = null;
}
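Review bot: The `catch (AuthException e)` in `initAdmin()` treats every load failure as "admin does not exist" and sets `admin = null`, so an I/O error while reading the admin profile falls through to the create-a-new-admin path. That path is outside this hunk and presumably uses the configured default credentials. Now that `AuthException` carries a code, storage errors can be rethrown rather than masked, by adding `if (e.getCode() == TSStatusCode.AUTH_IO_EXCEPTION) { throw e; }` as the first statement of the catch block. The new Javadoc already promises an `AuthException` for storage failures, which this would make true for the load step as well.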
@@ -94,7 +99,7 @@ public abstract class BasicUserManager implements IUserManager {
}
}
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
} finally {
lock.readUnlock(username);
}
@@ -124,7 +129,7 @@ public abstract class BasicUserManager implements IUserManager {
userMap.put(username, user);
return true;
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
} finally {
lock.writeUnlock(username);
}
@@ -141,7 +146,7 @@ public abstract class BasicUserManager implements IUserManager {
return false;
}
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
} finally {
lock.writeUnlock(username);
}
@@ -155,7 +160,8 @@ public abstract class BasicUserManager implements IUserManager {
try {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
if (user.hasPrivilege(path, privilegeId)) {
return false;
@@ -166,7 +172,7 @@ public abstract class BasicUserManager implements IUserManager {
accessor.saveUser(user);
} catch (IOException e) {
user.setPrivileges(path, privilegesCopy);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -182,7 +188,8 @@ public abstract class BasicUserManager implements IUserManager {
try {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
if (!user.hasPrivilege(path, privilegeId)) {
return false;
@@ -192,7 +199,7 @@ public abstract class BasicUserManager implements IUserManager {
accessor.saveUser(user);
} catch (IOException e) {
user.addPrivilege(path, privilegeId);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -213,7 +220,8 @@ public abstract class BasicUserManager implements IUserManager {
try {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
String oldPassword = user.getPassword();
user.setPassword(AuthUtils.encryptPassword(newPassword));
@@ -221,7 +229,7 @@ public abstract class BasicUserManager implements IUserManager {
accessor.saveUser(user);
} catch (IOException e) {
user.setPassword(oldPassword);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -235,7 +243,8 @@ public abstract class BasicUserManager implements IUserManager {
try {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
if (user.hasRole(roleName)) {
return false;
@@ -245,7 +254,7 @@ public abstract class BasicUserManager implements IUserManager {
accessor.saveUser(user);
} catch (IOException e) {
user.getRoleList().remove(roleName);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -259,7 +268,8 @@ public abstract class BasicUserManager implements IUserManager {
try {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
if (!user.hasRole(roleName)) {
return false;
@@ -269,7 +279,7 @@ public abstract class BasicUserManager implements IUserManager {
accessor.saveUser(user);
} catch (IOException e) {
user.getRoleList().add(roleName);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
return true;
} finally {
@@ -295,7 +305,8 @@ public abstract class BasicUserManager implements IUserManager {
public boolean isUserUseWaterMark(String username) throws AuthException {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
return user.isUseWaterMark();
}
@@ -304,7 +315,8 @@ public abstract class BasicUserManager implements IUserManager {
public void setUserUseWaterMark(String username, boolean useWaterMark) throws AuthException {
User user = getUser(username);
if (user == null) {
- throw new AuthException(String.format(NO_SUCH_USER_ERROR, username));
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, String.format(NO_SUCH_USER_ERROR, username));
}
boolean oldFlag = user.isUseWaterMark();
if (oldFlag == useWaterMark) {
@@ -315,7 +327,7 @@ public abstract class BasicUserManager implements IUserManager {
accessor.saveUser(user);
} catch (IOException e) {
user.setUseWaterMark(oldFlag);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
}
@@ -330,7 +342,7 @@ public abstract class BasicUserManager implements IUserManager {
try {
accessor.saveUser(user);
} catch (IOException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.AUTH_IO_EXCEPTION, e);
}
}
}
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
index 7ded804145..38345f5603 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
@@ -35,10 +35,10 @@ import java.io.DataInputStream;
import java.io.EOFException;
import java.io.File;
import java.io.FileInputStream;
-import java.io.FileOutputStream;
import java.io.IOException;
import java.io.RandomAccessFile;
import java.nio.ByteBuffer;
+import java.nio.file.Files;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
@@ -63,14 +63,14 @@ public class LocalFileUserAccessor implements IUserAccessor {
private static final String STRING_ENCODING = "utf-8";
private static final String userSnapshotFileName = "system" + File.separator + "users";
- private String userDirPath;
+ private final String userDirPath;
/**
* Reused buffer for primitive types encoding/decoding, which aim to reduce memory fragments. Use
* ThreadLocal for thread safety.
*/
- private ThreadLocal<ByteBuffer> encodingBufferLocal = new ThreadLocal<>();
+ private final ThreadLocal<ByteBuffer> encodingBufferLocal = new ThreadLocal<>();
- private ThreadLocal<byte[]> strBufferLocal = new ThreadLocal<>();
+ private final ThreadLocal<byte[]> strBufferLocal = new ThreadLocal<>();
public LocalFileUserAccessor(String userDirPath) {
this.userDirPath = userDirPath;
@@ -157,7 +157,7 @@ public class LocalFileUserAccessor implements IUserAccessor {
+ TEMP_SUFFIX);
try (BufferedOutputStream outputStream =
- new BufferedOutputStream(new FileOutputStream(userProfile))) {
+ new BufferedOutputStream(Files.newOutputStream(userProfile.toPath()))) {
try {
IOUtils.writeString(outputStream, user.getName(), STRING_ENCODING, encodingBufferLocal);
IOUtils.writeString(outputStream, user.getPassword(), STRING_ENCODING, encodingBufferLocal);
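Review bot: The profile written here includes `user.getPassword()`, and `Files.newOutputStream` with default options creates the file with whatever permissions the process default allows. Nothing in the visible lines restricts the file or its directory to the service account. At minimum, document the requirement next to the stream construction, for example `// Holds the stored password value: the user directory must be accessible to the IoTDB process owner only.` The method body continues outside this hunk, so any permission handling elsewhere in it is not visible.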
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
index da39e03e65..b13be3217d 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/utils/AuthUtils.java
@@ -29,9 +29,7 @@ import org.apache.iotdb.commons.security.encrypt.AsymmetricEncryptFactory;
import org.apache.iotdb.confignode.rpc.thrift.TPermissionInfoResp;
import org.apache.iotdb.confignode.rpc.thrift.TRoleResp;
import org.apache.iotdb.confignode.rpc.thrift.TUserResp;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import org.apache.iotdb.rpc.TSStatusCode;
import java.util.ArrayList;
import java.util.HashMap;
@@ -41,103 +39,117 @@ import java.util.Map;
import java.util.Set;
public class AuthUtils {
-
- private static final Logger logger = LoggerFactory.getLogger(AuthUtils.class);
-
- private static final int MIN_PASSWORD_LENGTH = 4;
- private static final int MIN_USERNAME_LENGTH = 4;
- private static final int MIN_ROLENAME_LENGTH = 4;
private static final String ROOT_PREFIX = IoTDBConstant.PATH_ROOT;
- private static final String ENCRYPT_ALGORITHM = "MD5";
- private static final String STRING_ENCODING = "utf-8";
-
public static final String ROOT_PATH_PRIVILEGE =
IoTDBConstant.PATH_ROOT
+ IoTDBConstant.PATH_SEPARATOR
+ IoTDBConstant.MULTI_LEVEL_PATH_WILDCARD;
+ private static final int MIN_PASSWORD_LENGTH = 4;
+ private static final int MIN_USERNAME_LENGTH = 4;
+ private static final int MIN_ROLENAME_LENGTH = 4;
- private AuthUtils() {}
+ private AuthUtils() {
+ // Empty constructor
+ }
/**
- * validate password size.
+ * Validate password
*
* @param password user password
- * @throws AuthException Authenticate Exception
+ * @throws AuthException contains message why password is invalid
*/
public static void validatePassword(String password) throws AuthException {
if (password.length() < MIN_PASSWORD_LENGTH) {
throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER,
"Password's size must be greater than or equal to " + MIN_PASSWORD_LENGTH);
}
if (password.contains(" ")) {
- throw new AuthException("Password cannot contain spaces");
+ throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "Password cannot contain spaces");
}
}
/**
- * validate username.
+ * Checking whether origin password is mapping to encrypt password by encryption
+ *
+ * @param originPassword the password before encryption
+ * @param encryptPassword the password after encryption
+ */
+ public static boolean validatePassword(String originPassword, String encryptPassword) {
+ return AsymmetricEncryptFactory.getEncryptProvider(
+ CommonDescriptor.getInstance().getConfig().getEncryptDecryptProvider(),
+ CommonDescriptor.getInstance().getConfig().getEncryptDecryptProviderParameter())
+ .validate(originPassword, encryptPassword);
+ }
+
+ /**
+ * Validate username
*
* @param username username
- * @throws AuthException Authenticate Exception
+ * @throws AuthException contains message why username is invalid
*/
public static void validateUsername(String username) throws AuthException {
if (username.length() < MIN_USERNAME_LENGTH) {
throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER,
"Username's size must be greater than or equal to " + MIN_USERNAME_LENGTH);
}
if (username.contains(" ")) {
- throw new AuthException("Username cannot contain spaces");
+ throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "Username cannot contain spaces");
}
}
/**
- * validate role name.
+ * Validate role name
*
* @param rolename role name
- * @throws AuthException Authenticate Exception
+ * @throws AuthException contains message why rolename is invalid
*/
public static void validateRolename(String rolename) throws AuthException {
if (rolename.length() < MIN_ROLENAME_LENGTH) {
throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER,
"Role name's size must be greater than or equal to " + MIN_ROLENAME_LENGTH);
}
if (rolename.contains(" ")) {
- throw new AuthException("Rolename cannot contain spaces");
+ throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, "Role name cannot contain spaces");
}
}
/**
- * validate privilege.
+ * Validate privilege
*
* @param privilegeId privilege ID
- * @throws AuthException Authenticate Exception
+ * @throws AuthException contains message why privilege is invalid
*/
public static void validatePrivilege(int privilegeId) throws AuthException {
if (privilegeId < 0 || privilegeId >= PrivilegeType.values().length) {
- throw new AuthException(String.format("Invalid privilegeId %d", privilegeId));
+ throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER, String.format("Invalid privilegeId %d", privilegeId));
}
}
/**
- * validate series path.
+ * Validate path
*
* @param path series path
- * @throws AuthException Authenticate Exception
+ * @throws AuthException contains message why path is invalid
*/
public static void validatePath(String path) throws AuthException {
if (!path.startsWith(ROOT_PREFIX)) {
throw new AuthException(
+ TSStatusCode.ILLEGAL_PARAMETER,
String.format(
"Illegal seriesPath %s, seriesPath should start with \"%s\"", path, ROOT_PREFIX));
}
}
/**
- * validate privilege on path.
+ * Validate privilege on path
*
- * @param path series path
- * @param privilegeId privilege ID
- * @throws AuthException Authenticate Exception
+ * @param path the path of privilege
+ * @param privilegeId privilege Id
+ * @throws AuthException contains message why path is invalid
*/
public static void validatePrivilegeOnPath(String path, int privilegeId) throws AuthException {
validatePrivilege(privilegeId);
@@ -160,6 +172,7 @@ public class AuthUtils {
return;
default:
throw new AuthException(
+ TSStatusCode.UNKNOWN_AUTH_PRIVILEGE,
String.format("Illegal privilege %s on seriesPath %s", type, path));
}
} else {
@@ -180,7 +193,7 @@ public class AuthUtils {
}
/**
- * encrypt password.
+ * Encrypt password
*
* @param password password
* @return encrypted password if success
@@ -192,18 +205,12 @@ public class AuthUtils {
.encrypt(password);
}
- public static boolean validatePassword(String originPassword, String encryptPassword) {
- return AsymmetricEncryptFactory.getEncryptProvider(
- CommonDescriptor.getInstance().getConfig().getEncryptDecryptProvider(),
- CommonDescriptor.getInstance().getConfig().getEncryptDecryptProviderParameter())
- .validate(originPassword, encryptPassword);
- }
-
/**
- * check if pathA belongs to pathB according to path pattern.
+ * Check if pathA belongs to pathB according to path pattern.
*
* @param pathA sub-path
* @param pathB path
+ * @exception AuthException throw if pathA or pathB is invalid
* @return True if pathA is a sub pattern of pathB, e.g. pathA = "root.a.b.c" and pathB =
* "root.a.b.*", "root.a.**", "root.a.*.c", "root.**.c" or "root.*.b.**"
*/
@@ -213,16 +220,17 @@ public class AuthUtils {
PartialPath partialPathB = new PartialPath(pathB);
return partialPathB.matchFullPath(partialPathA);
} catch (IllegalPathException e) {
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, e);
}
}
/**
- * check privilege.
+ * Check privilege
*
* @param path series path
- * @param privilegeId privilege ID
+ * @param privilegeId privilege Id
* @param privilegeList privileges in List structure
+ * @exception AuthException throw if path is invalid or path in privilege is invalid
* @return True if privilege-check passed
*/
public static boolean checkPrivilege(
@@ -248,11 +256,12 @@ public class AuthUtils {
}
/**
- * get privileges.
+ * Get privileges
*
* @param path The seriesPath on which the privileges take effect. If seriesPath-free privileges
- * are desired, this should be null.
- * @return The privileges granted to the role.
+ * are desired, this should be null
+ * @exception AuthException throw if path is invalid or path in privilege is invalid
+ * @return The privileges granted to the role
*/
public static Set<Integer> getPrivileges(String path, List<PathPrivilege> privilegeList)
throws AuthException {
@@ -276,7 +285,7 @@ public class AuthUtils {
}
/**
- * check if series path has this privilege.
+ * Check if series path has this privilege
*
* @param path series path
* @param privilegeId privilege Id
@@ -296,65 +305,67 @@ public class AuthUtils {
}
/**
- * add privilege.
+ * Add privilege
*
* @param path series path
* @param privilegeId privilege Id
- * @param privilegeList privileges in List structure
+ * @param privilegeList privileges in List structure of user or role
*/
public static void addPrivilege(String path, int privilegeId, List<PathPrivilege> privilegeList) {
+ PathPrivilege targetPathPrivilege = null;
+ // check PathPrivilege of target path is already existed
for (PathPrivilege pathPrivilege : privilegeList) {
if (pathPrivilege.getPath().equals(path)) {
- if (privilegeId != PrivilegeType.ALL.ordinal()) {
- pathPrivilege.getPrivileges().add(privilegeId);
- } else {
- for (PrivilegeType privilegeType : PrivilegeType.values()) {
- pathPrivilege.getPrivileges().add(privilegeType.ordinal());
- }
- }
- return;
+ targetPathPrivilege = pathPrivilege;
+ break;
}
}
- PathPrivilege pathPrivilege = new PathPrivilege(path);
+ // if not, then create new PathPrivilege
+ if (targetPathPrivilege == null) {
+ targetPathPrivilege = new PathPrivilege(path);
+ privilegeList.add(targetPathPrivilege);
+ }
+ // add privilegeId into targetPathPrivilege
if (privilegeId != PrivilegeType.ALL.ordinal()) {
- pathPrivilege.getPrivileges().add(privilegeId);
+ targetPathPrivilege.getPrivileges().add(privilegeId);
} else {
for (PrivilegeType privilegeType : PrivilegeType.values()) {
- pathPrivilege.getPrivileges().add(privilegeType.ordinal());
+ targetPathPrivilege.getPrivileges().add(privilegeType.ordinal());
}
}
- privilegeList.add(pathPrivilege);
}
/**
- * remove privilege.
+ * Remove privilege
*
* @param path series path
* @param privilegeId privilege Id
- * @param privilegeList privileges in List structure
+ * @param privilegeList privileges in List structure of user or role
*/
public static void removePrivilege(
String path, int privilegeId, List<PathPrivilege> privilegeList) {
- PathPrivilege emptyPrivilege = null;
+ PathPrivilege targetPathPrivilege = null;
for (PathPrivilege pathPrivilege : privilegeList) {
if (pathPrivilege.getPath().equals(path)) {
- if (privilegeId != PrivilegeType.ALL.ordinal()) {
- pathPrivilege.getPrivileges().remove(privilegeId);
- } else {
- privilegeList.remove(pathPrivilege);
- return;
- }
- if (pathPrivilege.getPrivileges().isEmpty()) {
- emptyPrivilege = pathPrivilege;
- }
+ targetPathPrivilege = pathPrivilege;
break;
}
}
- if (emptyPrivilege != null) {
- privilegeList.remove(emptyPrivilege);
+ if (targetPathPrivilege != null) {
+ if (privilegeId == PrivilegeType.ALL.ordinal()) {
+ // remove all privileges on target path
+ privilegeList.remove(targetPathPrivilege);
+ } else {
+ // remove privilege on target path
+ targetPathPrivilege.getPrivileges().remove(privilegeId);
+ if (targetPathPrivilege.getPrivileges().isEmpty()) {
+ privilegeList.remove(targetPathPrivilege);
+ }
+ }
}
}
+ /** Generate empty permission response when failed */
public static TPermissionInfoResp generateEmptyPermissionInfoResp() {
TPermissionInfoResp permissionInfoResp = new TPermissionInfoResp();
permissionInfoResp.setUserInfo(
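Review bot: In `removePrivilege`, revoking a single privilege leaves the `ALL` ordinal in the set if the path was previously granted `ALL`, because `addPrivilege` stores every `PrivilegeType` ordinal including `ALL` itself. If the privilege check treats the presence of `ALL` as sufficient (that code is not visible in this hunk), the revoke would have no effect. Consider also dropping the marker in the single-privilege branch with `targetPathPrivilege.getPrivileges().remove(PrivilegeType.ALL.ordinal());`, and add a test for grant `ALL` followed by revoke of one privilege. The Javadoc should also say that the path is matched by exact string equality rather than by pattern.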
@@ -365,29 +376,37 @@ public class AuthUtils {
return permissionInfoResp;
}
+ /**
+ * Transform permission from name to privilegeId
+ *
+ * @param authorizationList the list of privilege name
+ * @return the list of privilege Ids
+ * @throws AuthException throws if there are no privilege matched
+ */
public static Set<Integer> strToPermissions(String[] authorizationList) throws AuthException {
Set<Integer> result = new HashSet<>();
if (authorizationList == null) {
return result;
}
- for (String s : authorizationList) {
- PrivilegeType[] types = PrivilegeType.values();
+ PrivilegeType[] types = PrivilegeType.values();
+ for (String authorization : authorizationList) {
boolean legal = false;
- if ("SET_STORAGE_GROUP".equalsIgnoreCase(s)) {
- s = PrivilegeType.CREATE_DATABASE.name();
+ if ("SET_STORAGE_GROUP".equalsIgnoreCase(authorization)) {
+ authorization = PrivilegeType.CREATE_DATABASE.name();
}
- if ("DELETE_STORAGE_GROUP".equalsIgnoreCase(s)) {
- s = PrivilegeType.DELETE_DATABASE.name();
+ if ("DELETE_STORAGE_GROUP".equalsIgnoreCase(authorization)) {
+ authorization = PrivilegeType.DELETE_DATABASE.name();
}
for (PrivilegeType privilegeType : types) {
- if (s.equalsIgnoreCase(privilegeType.name())) {
+ if (authorization.equalsIgnoreCase(privilegeType.name())) {
result.add(privilegeType.ordinal());
legal = true;
break;
}
}
if (!legal) {
- throw new AuthException("No such privilege " + s);
+ throw new AuthException(
+ TSStatusCode.UNKNOWN_AUTH_PRIVILEGE, "No such privilege " + authorization);
}
}
return result;
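Review bot: A `null` element in `authorizationList` reaches `authorization.equalsIgnoreCase(privilegeType.name())` and throws a `NullPointerException` instead of the `AuthException` with `UNKNOWN_AUTH_PRIVILEGE` that this commit introduces for unmatched names. Only the array itself is null-checked. A guard at the top of the loop, `if (authorization == null) { throw new AuthException(TSStatusCode.UNKNOWN_AUTH_PRIVILEGE, "No such privilege null"); }`, keeps the failure inside the documented contract. The method's closing brace lies outside this hunk.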
diff --git a/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java b/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
index 6eb10e4e50..c6f27eb22b 100644
--- a/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
+++ b/node-commons/src/main/java/org/apache/iotdb/commons/utils/StatusUtils.java
@@ -156,8 +156,8 @@ public class StatusUtils {
case NO_PERMISSION:
status.setMessage("No permissions for this operation, please add privilege.");
break;
- case UNINITIALIZED_AUTH_ERROR:
- status.setMessage("Uninitialized authorizer.");
+ case INIT_AUTH_ERROR:
+ status.setMessage("Failed to init authorizer.");
break;
case UNSUPPORTED_OPERATION:
status.setMessage("Unsupported operation.");
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 40fc04e1d2..7675c2e1d7 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -138,7 +138,7 @@ public class AuthorityChecker {
}
} catch (AuthException e) {
logger.error("Error occurs when checking the seriesPath {} for user {}", path, username, e);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.ILLEGAL_PARAMETER, e);
}
return false;
}
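Review bot: The caught `AuthException` already carries its own status code, but it is re-wrapped here with a hard-coded `TSStatusCode.ILLEGAL_PARAMETER`, so the code the callee chose is lost to anyone reading `getCode()` on the outer exception. The later hunk in StandaloneAuthorityFetcher wraps the same failure (same log message) with `TSStatusCode.ILLEGAL_PATH`, so the two paths also disagree with each other. The next hunk in this file already forwards `e.getCode()`; doing the same here with `throw new AuthException(e.getCode(), e);`, or simply `throw e;`, keeps the codes consistent. The enclosing method starts outside the hunk.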
@@ -155,7 +155,7 @@ public class AuthorityChecker {
}
} catch (AuthException e) {
logger.warn("meet error while checking authorization.", e);
- return RpcUtils.getStatus(TSStatusCode.UNINITIALIZED_AUTH_ERROR, e.getMessage());
+ return RpcUtils.getStatus(e.getCode(), e.getMessage());
} catch (Exception e) {
return onQueryException(
e, OperationType.CHECK_AUTHORITY.getName(), TSStatusCode.EXECUTE_STATEMENT_ERROR);
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java b/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java
index 319c6f34b1..dcb609384a 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java
@@ -30,7 +30,6 @@ import org.apache.iotdb.db.mpp.common.header.ColumnHeader;
import org.apache.iotdb.db.mpp.common.header.DatasetHeader;
import org.apache.iotdb.db.mpp.plan.execution.config.ConfigTaskResult;
import org.apache.iotdb.db.mpp.plan.statement.sys.AuthorStatement;
-import org.apache.iotdb.rpc.ConfigNodeConnectionException;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.iotdb.tsfile.file.metadata.enums.TSDataType;
import org.apache.iotdb.tsfile.read.common.block.TsBlockBuilder;
@@ -53,22 +52,20 @@ public class AuthorizerManager implements IAuthorizer {
private static final Logger logger = LoggerFactory.getLogger(AuthorizerManager.class);
- private IAuthorizer iAuthorizer;
- private ReentrantReadWriteLock authReadWriteLock;
- private IoTDBDescriptor conf = IoTDBDescriptor.getInstance();
+ private final ReentrantReadWriteLock authReadWriteLock = new ReentrantReadWriteLock();
+ private IAuthorizer authorizer;
private IAuthorityFetcher authorityFetcher;
public AuthorizerManager() {
try {
- iAuthorizer = BasicAuthorizer.getInstance();
- authReadWriteLock = new ReentrantReadWriteLock();
- if (conf.getConfig().isClusterMode()) {
+ authorizer = BasicAuthorizer.getInstance();
+ if (IoTDBDescriptor.getInstance().getConfig().isClusterMode()) {
authorityFetcher = new ClusterAuthorityFetcher(new BasicAuthorityCache());
} else {
authorityFetcher = new StandaloneAuthorityFetcher();
}
} catch (AuthException e) {
- logger.error(e.getMessage());
+ logger.error("Failed to initial AuthorizerManager", e);
}
}
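Review bot: When `BasicAuthorizer.getInstance()` throws, the constructor only logs and returns, leaving `authorizer` and `authorityFetcher` null. Every later call such as `login()` or `checkUser()` then fails with a `NullPointerException` rather than the `INIT_AUTH_ERROR` status this commit adds. Either fail fast at construction, or have the delegating methods check for the uninitialised state and throw `new AuthException(TSStatusCode.INIT_AUTH_ERROR, "Failed to init authorizer.")`. The log text would also read better as `"Failed to initialize AuthorizerManager"`. The class body continues outside this hunk.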
@@ -76,7 +73,9 @@ public class AuthorizerManager implements IAuthorizer {
private static class AuthorizerManagerHolder {
private static final AuthorizerManager INSTANCE = new AuthorizerManager();
- private AuthorizerManagerHolder() {}
+ private AuthorizerManagerHolder() {
+ // Empty constructor
+ }
}
public static AuthorizerManager getInstance() {
@@ -87,7 +86,7 @@ public class AuthorizerManager implements IAuthorizer {
public boolean login(String username, String password) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.login(username, password);
+ return authorizer.login(username, password);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -97,7 +96,7 @@ public class AuthorizerManager implements IAuthorizer {
public void createUser(String username, String password) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.createUser(username, password);
+ authorizer.createUser(username, password);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -107,7 +106,7 @@ public class AuthorizerManager implements IAuthorizer {
public void deleteUser(String username) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.deleteUser(username);
+ authorizer.deleteUser(username);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -118,7 +117,7 @@ public class AuthorizerManager implements IAuthorizer {
throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.grantPrivilegeToUser(username, path, privilegeId);
+ authorizer.grantPrivilegeToUser(username, path, privilegeId);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -129,7 +128,7 @@ public class AuthorizerManager implements IAuthorizer {
throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.revokePrivilegeFromUser(username, path, privilegeId);
+ authorizer.revokePrivilegeFromUser(username, path, privilegeId);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -139,7 +138,7 @@ public class AuthorizerManager implements IAuthorizer {
public void createRole(String roleName) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.createRole(roleName);
+ authorizer.createRole(roleName);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -149,7 +148,7 @@ public class AuthorizerManager implements IAuthorizer {
public void deleteRole(String roleName) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.deleteRole(roleName);
+ authorizer.deleteRole(roleName);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -160,7 +159,7 @@ public class AuthorizerManager implements IAuthorizer {
throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.grantPrivilegeToRole(roleName, path, privilegeId);
+ authorizer.grantPrivilegeToRole(roleName, path, privilegeId);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -171,7 +170,7 @@ public class AuthorizerManager implements IAuthorizer {
throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.revokePrivilegeFromRole(roleName, path, privilegeId);
+ authorizer.revokePrivilegeFromRole(roleName, path, privilegeId);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -181,7 +180,7 @@ public class AuthorizerManager implements IAuthorizer {
public void grantRoleToUser(String roleName, String username) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.grantRoleToUser(roleName, username);
+ authorizer.grantRoleToUser(roleName, username);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -191,7 +190,7 @@ public class AuthorizerManager implements IAuthorizer {
public void revokeRoleFromUser(String roleName, String username) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.revokeRoleFromUser(roleName, username);
+ authorizer.revokeRoleFromUser(roleName, username);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -201,7 +200,7 @@ public class AuthorizerManager implements IAuthorizer {
public Set<Integer> getPrivileges(String username, String path) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.getPrivileges(username, path);
+ return authorizer.getPrivileges(username, path);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -211,7 +210,7 @@ public class AuthorizerManager implements IAuthorizer {
public void updateUserPassword(String username, String newPassword) throws AuthException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.updateUserPassword(username, newPassword);
+ authorizer.updateUserPassword(username, newPassword);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -222,7 +221,7 @@ public class AuthorizerManager implements IAuthorizer {
throws AuthException {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.checkUserPrivileges(username, path, privilegeId);
+ return authorizer.checkUserPrivileges(username, path, privilegeId);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -230,14 +229,14 @@ public class AuthorizerManager implements IAuthorizer {
@Override
public void reset() throws AuthException {
- iAuthorizer.reset();
+ authorizer.reset();
}
@Override
public List<String> listAllUsers() {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.listAllUsers();
+ return authorizer.listAllUsers();
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -247,7 +246,7 @@ public class AuthorizerManager implements IAuthorizer {
public List<String> listAllRoles() {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.listAllRoles();
+ return authorizer.listAllRoles();
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -257,7 +256,7 @@ public class AuthorizerManager implements IAuthorizer {
public Role getRole(String roleName) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.getRole(roleName);
+ return authorizer.getRole(roleName);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -267,7 +266,7 @@ public class AuthorizerManager implements IAuthorizer {
public User getUser(String username) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.getUser(username);
+ return authorizer.getUser(username);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -277,7 +276,7 @@ public class AuthorizerManager implements IAuthorizer {
public boolean isUserUseWaterMark(String userName) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.isUserUseWaterMark(userName);
+ return authorizer.isUserUseWaterMark(userName);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -287,7 +286,7 @@ public class AuthorizerManager implements IAuthorizer {
public void setUserUseWaterMark(String userName, boolean useWaterMark) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- iAuthorizer.setUserUseWaterMark(userName, useWaterMark);
+ authorizer.setUserUseWaterMark(userName, useWaterMark);
} finally {
authReadWriteLock.readLock().unlock();
}
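Review bot: `setUserUseWaterMark` changes authorizer state while holding only `authReadWriteLock.readLock()`, so it can run concurrently with readers such as `login()` and `checkUserPrivileges()` and with other writers that also took the read lock. The same pattern appears in the `replaceAllUsers` and `replaceAllRoles` hunks below, and `reset()` in the earlier hunk takes no lock at all. These mutating methods should use `authReadWriteLock.writeLock().lock();` and `authReadWriteLock.writeLock().unlock();`, as `createUser` and `grantPrivilegeToUser` already do. Whether the wrapped authorizer synchronises internally is not visible here.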
@@ -297,7 +296,7 @@ public class AuthorizerManager implements IAuthorizer {
public Map<String, Boolean> getAllUserWaterMarkStatus() {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.getAllUserWaterMarkStatus();
+ return authorizer.getAllUserWaterMarkStatus();
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -307,7 +306,7 @@ public class AuthorizerManager implements IAuthorizer {
public Map<String, User> getAllUsers() {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.getAllUsers();
+ return authorizer.getAllUsers();
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -317,7 +316,7 @@ public class AuthorizerManager implements IAuthorizer {
public Map<String, Role> getAllRoles() {
authReadWriteLock.readLock().lock();
try {
- return iAuthorizer.getAllRoles();
+ return authorizer.getAllRoles();
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -327,7 +326,7 @@ public class AuthorizerManager implements IAuthorizer {
public void replaceAllUsers(Map<String, User> users) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- iAuthorizer.replaceAllUsers(users);
+ authorizer.replaceAllUsers(users);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -337,7 +336,7 @@ public class AuthorizerManager implements IAuthorizer {
public void replaceAllRoles(Map<String, Role> roles) throws AuthException {
authReadWriteLock.readLock().lock();
try {
- iAuthorizer.replaceAllRoles(roles);
+ authorizer.replaceAllRoles(roles);
} finally {
authReadWriteLock.readLock().unlock();
}
@@ -347,7 +346,7 @@ public class AuthorizerManager implements IAuthorizer {
public boolean processTakeSnapshot(File snapshotDir) throws TException, IOException {
authReadWriteLock.writeLock().lock();
try {
- return iAuthorizer.processTakeSnapshot(snapshotDir);
+ return authorizer.processTakeSnapshot(snapshotDir);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -357,7 +356,7 @@ public class AuthorizerManager implements IAuthorizer {
public void processLoadSnapshot(File snapshotDir) throws TException, IOException {
authReadWriteLock.writeLock().lock();
try {
- iAuthorizer.processLoadSnapshot(snapshotDir);
+ authorizer.processLoadSnapshot(snapshotDir);
} finally {
authReadWriteLock.writeLock().unlock();
}
@@ -374,7 +373,7 @@ public class AuthorizerManager implements IAuthorizer {
}
/** Check the user */
- public TSStatus checkUser(String username, String password) throws ConfigNodeConnectionException {
+ public TSStatus checkUser(String username, String password) {
authReadWriteLock.readLock().lock();
try {
return authorityFetcher.checkUser(username, password);
diff --git a/server/src/main/java/org/apache/iotdb/db/auth/StandaloneAuthorityFetcher.java b/server/src/main/java/org/apache/iotdb/db/auth/StandaloneAuthorityFetcher.java
index 12bedec871..0e8003bf18 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/StandaloneAuthorityFetcher.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/StandaloneAuthorityFetcher.java
@@ -50,7 +50,7 @@ public class StandaloneAuthorityFetcher implements IAuthorityFetcher {
return RpcUtils.getStatus(TSStatusCode.WRONG_LOGIN_PASSWORD, "Authentication failed.");
}
} catch (AuthException e) {
- return RpcUtils.getStatus(TSStatusCode.AUTHENTICATION_ERROR, e.getMessage());
+ return RpcUtils.getStatus(e.getCode(), e.getMessage());
}
}
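Review bot: Returning `e.getCode()` and `e.getMessage()` from the login path means the client can now receive a status other than `WRONG_LOGIN_PASSWORD` when authentication fails. If the authorizer raises a distinct code for an unknown account (for example `USER_NOT_EXIST`; the throwing code is not visible in this hunk), the response lets a caller tell existing usernames from non-existing ones. Consider logging the specific code server-side with `logger.warn("Login failed with status {}", e.getCode(), e);` and keeping the uniform reply `return RpcUtils.getStatus(TSStatusCode.WRONG_LOGIN_PASSWORD, "Authentication failed.");` for credential failures. The enclosing method starts outside the hunk.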
@@ -83,7 +83,7 @@ public class StandaloneAuthorityFetcher implements IAuthorityFetcher {
}
} catch (AuthException e) {
logger.error("Error occurs when checking the seriesPath {} for user {}", path, username, e);
- throw new AuthException(e);
+ throw new AuthException(TSStatusCode.ILLEGAL_PATH, e);
}
return false;
}
diff --git a/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java b/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
index 8c29db709f..98a9e1d23d 100644
--- a/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
+++ b/server/src/main/java/org/apache/iotdb/db/localconfignode/LocalConfigNode.java
@@ -858,7 +858,8 @@ public class LocalConfigNode {
iAuthorizer.revokeRoleFromUser(roleName, userName);
break;
default:
- throw new AuthException("Unsupported operation " + authorType);
+ throw new AuthException(
+ TSStatusCode.UNSUPPORTED_AUTH_OPERATION, "Unsupported operation " + authorType);
}
}
@@ -876,7 +877,8 @@ public class LocalConfigNode {
case LIST_ROLE_PRIVILEGE:
return executeListRolePrivileges(authorStatement);
default:
- throw new AuthException("Unsupported operation " + authorType);
+ throw new AuthException(
+ TSStatusCode.UNSUPPORTED_AUTH_OPERATION, "Unsupported operation " + authorType);
}
}
@@ -884,14 +886,10 @@ public class LocalConfigNode {
throws AuthException {
List<String> userList = iAuthorizer.listAllUsers();
if (authorStatement.getRoleName() != null && !authorStatement.getRoleName().isEmpty()) {
- Role role;
- try {
- role = iAuthorizer.getRole(authorStatement.getRoleName());
- if (role == null) {
- throw new AuthException("No such role : " + authorStatement.getRoleName());
- }
- } catch (AuthException e) {
- throw new AuthException(e);
+ Role role = iAuthorizer.getRole(authorStatement.getRoleName());
+ if (role == null) {
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, "No such role : " + authorStatement.getRoleName());
}
Iterator<String> itr = userList.iterator();
while (itr.hasNext()) {
@@ -913,18 +911,12 @@ public class LocalConfigNode {
if (authorStatement.getUserName() == null || authorStatement.getUserName().isEmpty()) {
roleList.addAll(iAuthorizer.listAllRoles());
} else {
- User user;
- try {
- user = iAuthorizer.getUser(authorStatement.getUserName());
- if (user == null) {
- throw new AuthException("No such user : " + authorStatement.getUserName());
- }
- } catch (AuthException e) {
- throw new AuthException(e);
- }
- for (String roleN : user.getRoleList()) {
- roleList.add(roleN);
+ User user = iAuthorizer.getUser(authorStatement.getUserName());
+ if (user == null) {
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, "No such user : " + authorStatement.getUserName());
}
+ roleList.addAll(user.getRoleList());
}
Map<String, List<String>> permissionInfo = new HashMap<>();
@@ -935,14 +927,10 @@ public class LocalConfigNode {
public Map<String, List<String>> executeListRolePrivileges(AuthorStatement authorStatement)
throws AuthException {
Map<String, List<String>> permissionInfo = new HashMap<>();
- Role role;
- try {
- role = iAuthorizer.getRole(authorStatement.getRoleName());
- if (role == null) {
- throw new AuthException("No such role : " + authorStatement.getRoleName());
- }
- } catch (AuthException e) {
- throw new AuthException(e);
+ Role role = iAuthorizer.getRole(authorStatement.getRoleName());
+ if (role == null) {
+ throw new AuthException(
+ TSStatusCode.ROLE_NOT_EXIST, "No such role : " + authorStatement.getRoleName());
}
Set<String> rolePrivilegeSet = new HashSet<>();
for (PathPrivilege pathPrivilege : role.getPrivilegeList()) {
@@ -964,14 +952,10 @@ public class LocalConfigNode {
public Map<String, List<String>> executeListUserPrivileges(AuthorStatement authorStatement)
throws AuthException {
Map<String, List<String>> permissionInfo = new HashMap<>();
- User user;
- try {
- user = iAuthorizer.getUser(authorStatement.getUserName());
- if (user == null) {
- throw new AuthException("No such user : " + authorStatement.getUserName());
- }
- } catch (AuthException e) {
- throw new AuthException(e);
+ User user = iAuthorizer.getUser(authorStatement.getUserName());
+ if (user == null) {
+ throw new AuthException(
+ TSStatusCode.USER_NOT_EXIST, "No such user : " + authorStatement.getUserName());
}
List<String> userPrivilegesList = new ArrayList<>();
diff --git a/server/src/main/java/org/apache/iotdb/db/protocol/influxdb/handler/AbstractQueryHandler.java b/server/src/main/java/org/apache/iotdb/db/protocol/influxdb/handler/AbstractQueryHandler.java
index 10cdef4cd0..513c5d7b5f 100644
--- a/server/src/main/java/org/apache/iotdb/db/protocol/influxdb/handler/AbstractQueryHandler.java
+++ b/server/src/main/java/org/apache/iotdb/db/protocol/influxdb/handler/AbstractQueryHandler.java
@@ -129,8 +129,7 @@ public abstract class AbstractQueryHandler {
.setStatus(RpcUtils.getInfluxDBStatus(TSStatusCode.SUCCESS_STATUS));
} catch (AuthException e) {
return tsQueryResultRsp.setStatus(
- RpcUtils.getInfluxDBStatus(
- TSStatusCode.UNINITIALIZED_AUTH_ERROR.getStatusCode(), e.getMessage()));
+ RpcUtils.getInfluxDBStatus(e.getCode().getStatusCode(), e.getMessage()));
}
}
diff --git a/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java b/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
index 58cf062275..68a5f1a858 100644
--- a/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
+++ b/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
@@ -23,7 +23,6 @@ import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.rest.IoTDBRestServiceConfig;
import org.apache.iotdb.db.conf.rest.IoTDBRestServiceDescriptor;
import org.apache.iotdb.db.protocol.rest.model.ExecutionStatus;
-import org.apache.iotdb.rpc.ConfigNodeConnectionException;
import org.apache.iotdb.rpc.TSStatusCode;
import org.glassfish.jersey.internal.util.Base64;
@@ -74,8 +73,8 @@ public class AuthorizationFilter implements ContainerRequestFilter {
.type(MediaType.APPLICATION_JSON)
.entity(
new ExecutionStatus()
- .code(TSStatusCode.UNINITIALIZED_AUTH_ERROR.getStatusCode())
- .message(TSStatusCode.UNINITIALIZED_AUTH_ERROR.name()))
+ .code(TSStatusCode.INIT_AUTH_ERROR.getStatusCode())
+ .message(TSStatusCode.INIT_AUTH_ERROR.name()))
.build();
containerRequestContext.abortWith(resp);
return;
@@ -108,8 +107,8 @@ public class AuthorizationFilter implements ContainerRequestFilter {
.type(MediaType.APPLICATION_JSON)
.entity(
new ExecutionStatus()
- .code(TSStatusCode.AUTHENTICATION_ERROR.getStatusCode())
- .message(TSStatusCode.AUTHENTICATION_ERROR.name()))
+ .code(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode())
+ .message("Illegal format of authorization header."))
.build();
containerRequestContext.abortWith(resp);
return null;
@@ -118,29 +117,15 @@ public class AuthorizationFilter implements ContainerRequestFilter {
User user = new User();
user.setUsername(split[0]);
user.setPassword(split[1]);
- try {
- TSStatus tsStatus = ((AuthorizerManager) authorizer).checkUser(split[0], split[1]);
- if (tsStatus.code != 200) {
- Response resp =
- Response.status(Status.UNAUTHORIZED)
- .type(MediaType.APPLICATION_JSON)
- .entity(
- new ExecutionStatus()
- .code(TSStatusCode.WRONG_LOGIN_PASSWORD.getStatusCode())
- .message(TSStatusCode.WRONG_LOGIN_PASSWORD.name()))
- .build();
- containerRequestContext.abortWith(resp);
- return null;
- }
- } catch (ConfigNodeConnectionException e) {
- LOGGER.warn(e.getMessage(), e);
+ TSStatus tsStatus = ((AuthorizerManager) authorizer).checkUser(split[0], split[1]);
+ if (tsStatus.code != 200) {
Response resp =
- Response.status(Status.INTERNAL_SERVER_ERROR)
+ Response.status(Status.UNAUTHORIZED)
.type(MediaType.APPLICATION_JSON)
.entity(
new ExecutionStatus()
- .code(TSStatusCode.INTERNAL_SERVER_ERROR.getStatusCode())
- .message(e.getMessage()))
+ .code(TSStatusCode.WRONG_LOGIN_PASSWORD.getStatusCode())
+ .message(TSStatusCode.WRONG_LOGIN_PASSWORD.name()))
.build();
containerRequestContext.abortWith(resp);
return null;
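Review bot: With the `ConfigNodeConnectionException` branch and its `LOGGER.warn` removed, every non-success status from `checkUser` is answered as 401 `WRONG_LOGIN_PASSWORD` and nothing is logged. A backend failure therefore cannot be told apart from a rejected credential in the server logs. Keeping the uniform 401 toward the client is reasonable, but the real status should be recorded before the response is built, for example `LOGGER.warn("REST authentication failed with status code {}", tsStatus.code);`. The literal in `tsStatus.code != 200` would also be clearer as `tsStatus.code != TSStatusCode.SUCCESS_STATUS.getStatusCode()`. The enclosing method starts and ends outside the hunk.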
diff --git a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
index 892c7cfd5e..6c64d769b9 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
@@ -81,6 +81,7 @@ import org.apache.iotdb.db.query.dataset.SingleDataSet;
import org.apache.iotdb.db.query.executor.IQueryRouter;
import org.apache.iotdb.db.query.executor.QueryRouter;
import org.apache.iotdb.db.service.IoTDB;
+import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.iotdb.tsfile.exception.filter.QueryFilterOptimizationException;
import org.apache.iotdb.tsfile.exception.write.UnSupportedDataTypeException;
import org.apache.iotdb.tsfile.file.metadata.enums.TSDataType;
@@ -757,7 +758,7 @@ public class PlanExecutor implements IPlanExecutor {
private ListDataSet executeListRoleUsers(String roleName) throws AuthException {
Role role = authorizerManager.getRole(roleName);
if (role == null) {
- throw new AuthException("No such role : " + roleName);
+ throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + roleName);
}
ListDataSet dataSet =
new ListDataSet(
@@ -795,7 +796,7 @@ public class PlanExecutor implements IPlanExecutor {
}
return dataSet;
} else {
- throw new AuthException("No such user : " + userName);
+ throw new AuthException(TSStatusCode.USER_NOT_EXIST, "No such user : " + userName);
}
}
@@ -830,7 +831,7 @@ public class PlanExecutor implements IPlanExecutor {
}
return dataSet;
} else {
- throw new AuthException("No such role : " + roleName);
+ throw new AuthException(TSStatusCode.ROLE_NOT_EXIST, "No such role : " + roleName);
}
}
@@ -838,7 +839,7 @@ public class PlanExecutor implements IPlanExecutor {
throws AuthException {
User user = authorizerManager.getUser(userName);
if (user == null) {
- throw new AuthException("No such user : " + userName);
+ throw new AuthException(TSStatusCode.USER_NOT_EXIST, "No such user : " + userName);
}
List<PartialPath> headerList = new ArrayList<>();
List<TSDataType> typeList = new ArrayList<>();
diff --git a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
index 68cc811b6e..372b183566 100644
--- a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
+++ b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
@@ -31,7 +31,6 @@ import org.apache.iotdb.db.qp.physical.PhysicalPlan;
import org.apache.iotdb.db.qp.physical.sys.AuthorPlan;
import org.apache.iotdb.db.query.control.clientsession.IClientSession;
import org.apache.iotdb.db.service.basic.BasicOpenSessionResp;
-import org.apache.iotdb.rpc.ConfigNodeConnectionException;
import org.apache.iotdb.rpc.RpcUtils;
import org.apache.iotdb.rpc.TSStatusCode;
import org.apache.iotdb.service.rpc.thrift.TSConnectionInfo;
@@ -95,42 +94,33 @@ public class SessionManager implements SessionManagerMBean {
TSStatus loginStatus;
BasicOpenSessionResp openSessionResp = new BasicOpenSessionResp();
- try {
- loginStatus = AuthorizerManager.getInstance().checkUser(username, password);
- if (loginStatus.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
- // check the version compatibility
- if (!tsProtocolVersion.equals(CURRENT_RPC_VERSION)) {
- openSessionResp
- .sessionId(-1)
- .setCode(TSStatusCode.INCOMPATIBLE_VERSION.getStatusCode())
- .setMessage(
- "The version is incompatible, please upgrade to " + IoTDBConstant.VERSION);
- } else {
- supplySession(session, username, zoneId, clientVersion);
-
- openSessionResp
- .sessionId(session.getId())
- .setCode(TSStatusCode.SUCCESS_STATUS.getStatusCode())
- .setMessage("Login successfully");
-
- LOGGER.info(
- "{}: Login status: {}. User : {}, opens Session-{}",
- IoTDBConstant.GLOBAL_DB_NAME,
- openSessionResp.getMessage(),
- username,
- session);
- }
+ loginStatus = AuthorizerManager.getInstance().checkUser(username, password);
+ if (loginStatus.getCode() == TSStatusCode.SUCCESS_STATUS.getStatusCode()) {
+ // check the version compatibility
+ if (!tsProtocolVersion.equals(CURRENT_RPC_VERSION)) {
+ openSessionResp
+ .sessionId(-1)
+ .setCode(TSStatusCode.INCOMPATIBLE_VERSION.getStatusCode())
+ .setMessage("The version is incompatible, please upgrade to " + IoTDBConstant.VERSION);
} else {
- AUDIT_LOGGER.info("User {} opens Session failed with an incorrect password", username);
-
- openSessionResp.sessionId(-1).setMessage(loginStatus.message).setCode(loginStatus.code);
+ supplySession(session, username, zoneId, clientVersion);
+
+ openSessionResp
+ .sessionId(session.getId())
+ .setCode(TSStatusCode.SUCCESS_STATUS.getStatusCode())
+ .setMessage("Login successfully");
+
+ LOGGER.info(
+ "{}: Login status: {}. User : {}, opens Session-{}",
+ IoTDBConstant.GLOBAL_DB_NAME,
+ openSessionResp.getMessage(),
+ username,
+ session);
}
- } catch (ConfigNodeConnectionException e) {
- LOGGER.error("Failed to connect to ConfigNode, because ", e);
- openSessionResp
- .sessionId(-1)
- .setCode(TSStatusCode.AUTHENTICATION_ERROR.getStatusCode())
- .setMessage(e.getMessage());
+ } else {
+ AUDIT_LOGGER.info("User {} opens Session failed with an incorrect password", username);
+
+ openSessionResp.sessionId(-1).setMessage(loginStatus.message).setCode(loginStatus.code);
}
return openSessionResp;
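Review bot: The audit entry in the final `else` branch states "failed with an incorrect password" for every non-success `loginStatus`, although the response on the next line forwards whatever `loginStatus.code` was. With the `ConfigNodeConnectionException` handler gone, a connection or initialisation failure presumably reaches this branch as well, which would make the audit trail misleading when investigating failed logins. Record the real status instead: `AUDIT_LOGGER.info("User {} opens Session failed, status code {}", username, loginStatus.code);`. The incompatible-version branch also rejects the session without writing any log or audit line. The enclosing method starts outside the hunk.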
@@ -278,7 +268,7 @@ public class SessionManager implements SessionManagerMBean {
}
} catch (AuthException e) {
LOGGER.warn("meet error while checking authorization.", e);
- return RpcUtils.getStatus(TSStatusCode.UNINITIALIZED_AUTH_ERROR, e.getMessage());
+ return RpcUtils.getStatus(e.getCode(), e.getMessage());
} catch (Exception e) {
return onQueryException(
e, OperationType.CHECK_AUTHORITY.getName(), TSStatusCode.EXECUTE_STATEMENT_ERROR);
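Review bot: `RpcUtils.getStatus(e.getCode(), e.getMessage())` forwards the exception text to the client unchanged. This commit also introduces codes such as `AUTH_IO_EXCEPTION`, whose messages may carry file paths or low-level I/O detail (the throwing sites are not visible here). The full exception is already logged on the line above, so the client can get a generic message for that code, assuming `getCode()` returns the `TSStatusCode` passed to the constructor: `String msg = e.getCode() == TSStatusCode.AUTH_IO_EXCEPTION ? "Internal authorization error" : e.getMessage();`. The enclosing method starts and ends outside the hunk.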
diff --git a/service-rpc/src/main/java/org/apache/iotdb/rpc/TSStatusCode.java b/service-rpc/src/main/java/org/apache/iotdb/rpc/TSStatusCode.java
index 7009054844..ea81cdca0c 100644
--- a/service-rpc/src/main/java/org/apache/iotdb/rpc/TSStatusCode.java
+++ b/service-rpc/src/main/java/org/apache/iotdb/rpc/TSStatusCode.java
@@ -107,14 +107,22 @@ public enum TSStatusCode {
INTERNAL_REQUEST_RETRY_ERROR(713),
// Authentication
- AUTHENTICATION_ERROR(800),
+ INIT_AUTH_ERROR(800),
WRONG_LOGIN_PASSWORD(801),
NOT_LOGIN(802),
NO_PERMISSION(803),
- UNINITIALIZED_AUTH_ERROR(804),
- USER_NOT_EXIST(805),
- ROLE_NOT_EXIST(806),
- CLEAR_PERMISSION_CACHE_ERROR(807),
+ USER_NOT_EXIST(804),
+ USER_ALREADY_EXIST(805),
+ USER_ALREADY_HAS_ROLE(806),
+ USER_NOT_HAS_ROLE(807),
+ ROLE_NOT_EXIST(808),
+ ROLE_ALREADY_EXIST(809),
+ ALREADY_HAS_PRIVILEGE(810),
+ NOT_HAS_PRIVILEGE(811),
+ CLEAR_PERMISSION_CACHE_ERROR(812),
+ UNKNOWN_AUTH_PRIVILEGE(813),
+ UNSUPPORTED_AUTH_OPERATION(814),
+ AUTH_IO_EXCEPTION(815),
// Partition Error
MIGRATE_REGION_ERROR(900),
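Review bot: The numeric values of existing codes are reassigned rather than extended: 804 changes from `UNINITIALIZED_AUTH_ERROR` to `USER_NOT_EXIST`, 805 from `USER_NOT_EXIST` to `USER_ALREADY_EXIST`, 806 and 807 likewise, and `AUTHENTICATION_ERROR` is renamed in place. These integers travel on the wire, so a client or node built against the previous enum would read 805 as "user does not exist" when the server means "user already exists", for example during a rolling upgrade or with an older session library. Keeping the old numbers and appending the new codes from 808 upward would avoid that. If the renumbering is intended, add a comment above `// Authentication` such as `// NOTE: codes 800-812 were renumbered in IOTDB-4930; older clients misread 804-807` and call it out in the release notes.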