You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shardingsphere.apache.org by zh...@apache.org on 2021/02/03 16:39:31 UTC
[shardingsphere] branch master updated: Delete authorizedSchemas
configuration (#9300)
This is an automated email from the ASF dual-hosted git repository.
zhangliang pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 9d537ba Delete authorizedSchemas configuration (#9300)
9d537ba is described below
commit 9d537bac95c5015f771d074f0d6387149c84eefc
Author: Juan Pan(Trista) <pa...@apache.org>
AuthorDate: Thu Feb 4 00:39:10 2021 +0800
Delete authorizedSchemas configuration (#9300)
---
.../src/main/resources/conf/server.yaml | 1 -
.../listener/AuthenticationChangedListenerTest.java | 3 +--
.../governance/core/facade/GovernanceFacadeTest.java | 2 +-
.../yaml/configCenter/data-authentication.yaml | 2 --
.../auth/builtin/yaml/config/YamlUserConfiguration.java | 2 --
.../auth/builtin/yaml/swapper/UserRuleYamlSwapper.java | 14 ++------------
.../infra/auth/privilege/data/DataPrivilege.java | 17 +++++++++++++++++
.../infra/auth/privilege/data/SchemaPrivilege.java | 10 ++++++++++
.../infra/auth/user/ShardingSphereUser.java | 4 ----
.../yaml/config/YamlEngineUserConfigurationTest.java | 12 ++++--------
.../builtin/yaml/swapper/UserRuleYamlSwapperTest.java | 17 +++++------------
.../infra/yaml/engine/YamlEngineTest.java | 3 +--
.../admin/mysql/executor/ShowDatabasesExecutor.java | 16 ++++++++++------
.../text/admin/mysql/executor/UseDatabaseExecutor.java | 8 +++-----
.../admin/mysql/executor/ShowDatabasesExecutorTest.java | 7 +++----
.../admin/mysql/executor/ShowTablesExecutorTest.java | 7 +++----
.../admin/mysql/executor/UseDatabaseExecutorTest.java | 5 ++---
.../impl/SchemaAssignedDatabaseBackendHandlerTest.java | 5 ++---
.../data/impl/UnicastDatabaseBackendHandlerTest.java | 5 ++---
.../src/main/resources/conf/server.yaml | 1 -
.../impl/GovernanceBootstrapInitializerTest.java | 3 ---
.../impl/StandardBootstrapInitializerTest.java | 4 ----
.../src/test/resources/conf/local/server.yaml | 1 -
.../conf/reg_center/config_center/authentication.yaml | 1 -
.../yaml/swapper/YamlProxyConfigurationSwapperTest.java | 4 ----
.../src/test/resources/conf/server.yaml | 1 -
.../frontend/mysql/auth/MySQLAuthenticationHandler.java | 9 ++-------
.../command/admin/initdb/MySQLComInitDbExecutor.java | 7 +++----
.../proxy/frontend/mysql/MySQLFrontendEngineTest.java | 6 +++---
.../mysql/auth/MySQLAuthenticationHandlerTest.java | 10 +++++-----
.../auth/PostgreSQLAuthenticationHandler.java | 10 ++--------
.../auth/PostgreSQLAuthenticationEngineTest.java | 4 +---
32 files changed, 82 insertions(+), 119 deletions(-)
diff --git a/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/resources/conf/server.yaml b/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/resources/conf/server.yaml
index 1978253..c1025b5 100644
--- a/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/resources/conf/server.yaml
+++ b/shardingsphere-distribution/shardingsphere-proxy-distribution/src/main/resources/conf/server.yaml
@@ -39,7 +39,6 @@
# password: root
# sharding:
# password: sharding
-# authorizedSchemas: sharding_db
#scaling:
# blockQueueSize: 10000
diff --git a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/config/listener/AuthenticationChangedListenerTest.java b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/config/listener/AuthenticationChangedListenerTest.java
index 6033519..9fc6305 100644
--- a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/config/listener/AuthenticationChangedListenerTest.java
+++ b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/config/listener/AuthenticationChangedListenerTest.java
@@ -39,8 +39,7 @@ import static org.junit.Assert.assertTrue;
@RunWith(MockitoJUnitRunner.class)
public final class AuthenticationChangedListenerTest {
- private static final String AUTHENTICATION_YAML = " users:\n" + " root1:\n password: root1\n"
- + " authorizedSchemas: sharding_db\n" + " root2:\n" + " password: root2\n" + " authorizedSchemas: sharding_db,pr_db";
+ private static final String AUTHENTICATION_YAML = " users:\n" + " root1:\n password: root1\n" + " root2:\n" + " password: root2\n";
private AuthenticationChangedListener authenticationChangedListener;
diff --git a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
index 044e680..c9850a3 100644
--- a/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
+++ b/shardingsphere-governance/shardingsphere-governance-core/src/test/java/org/apache/shardingsphere/governance/core/facade/GovernanceFacadeTest.java
@@ -75,7 +75,7 @@ public final class GovernanceFacadeTest {
public void assertOnlineInstanceWithParameters() {
Map<String, DataSourceConfiguration> dataSourceConfigMap = Collections.singletonMap("test_ds", mock(DataSourceConfiguration.class));
Map<String, Collection<RuleConfiguration>> ruleConfigurationMap = Collections.singletonMap("sharding_db", Collections.singletonList(mock(RuleConfiguration.class)));
- ShardingSphereUser user = new ShardingSphereUser("root", "root", "", Collections.singleton("db1"));
+ ShardingSphereUser user = new ShardingSphereUser("root", "root", "");
DefaultAuthentication authentication = new DefaultAuthentication();
authentication.getAuthentication().put(user, new ShardingSpherePrivilege());
Properties props = new Properties();
diff --git a/shardingsphere-governance/shardingsphere-governance-core/src/test/resources/yaml/configCenter/data-authentication.yaml b/shardingsphere-governance/shardingsphere-governance-core/src/test/resources/yaml/configCenter/data-authentication.yaml
index f58aeb3..de99363 100644
--- a/shardingsphere-governance/shardingsphere-governance-core/src/test/resources/yaml/configCenter/data-authentication.yaml
+++ b/shardingsphere-governance/shardingsphere-governance-core/src/test/resources/yaml/configCenter/data-authentication.yaml
@@ -17,8 +17,6 @@
users:
root1:
- authorizedSchemas: sharding_db
password: root1
root2:
- authorizedSchemas: sharding_db,pr_db
password: root2;
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlUserConfiguration.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlUserConfiguration.java
index 00eba8d..eb1079f 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlUserConfiguration.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlUserConfiguration.java
@@ -31,6 +31,4 @@ public final class YamlUserConfiguration implements YamlConfiguration {
private String hostname;
private String password;
-
- private String authorizedSchemas;
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java
index 161442d..52ec6bf 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java
@@ -17,16 +17,12 @@
package org.apache.shardingsphere.infra.auth.builtin.yaml.swapper;
-import com.google.common.base.Joiner;
-import com.google.common.base.Splitter;
-import com.google.common.base.Strings;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserConfiguration;
import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserRuleConfiguration;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.yaml.swapper.YamlSwapper;
import java.util.Collection;
-import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
@@ -52,8 +48,6 @@ public final class UserRuleYamlSwapper implements YamlSwapper<YamlUserRuleConfig
YamlUserConfiguration result = new YamlUserConfiguration();
result.setHostname(data.getHostname());
result.setPassword(data.getPassword());
- String authorizedSchemas = null == data.getAuthorizedSchemas() ? "" : Joiner.on(',').join(data.getAuthorizedSchemas());
- result.setAuthorizedSchemas(authorizedSchemas);
return result;
}
@@ -70,10 +64,6 @@ public final class UserRuleYamlSwapper implements YamlSwapper<YamlUserRuleConfig
}
private ShardingSphereUser swapToObject(final String username, final YamlUserConfiguration yamlConfig) {
- if (Strings.isNullOrEmpty(yamlConfig.getAuthorizedSchemas())) {
- return new ShardingSphereUser(username, yamlConfig.getPassword(), null == yamlConfig.getHostname() ? "" : yamlConfig.getHostname(), Collections.emptyList());
- }
- return new ShardingSphereUser(username, yamlConfig.getPassword(), null == yamlConfig.getHostname() ? "" : yamlConfig.getHostname(),
- Splitter.on(',').trimResults().splitToList(yamlConfig.getAuthorizedSchemas()));
+ return new ShardingSphereUser(username, yamlConfig.getPassword(), null == yamlConfig.getHostname() ? "" : yamlConfig.getHostname());
}
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/DataPrivilege.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/DataPrivilege.java
index 3ccc5b8..67d8656 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/DataPrivilege.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/DataPrivilege.java
@@ -40,6 +40,18 @@ public final class DataPrivilege {
* Has privileges.
*
* @param schema schema
+ * @param privileges privileges
+ * @return has privileges or not
+ */
+ public boolean hasPrivileges(final String schema, final Collection<PrivilegeType> privileges) {
+ return globalPrivileges.contains(PrivilegeType.ALL) || globalPrivileges.containsAll(privileges)
+ || hasPrivileges0(schema, privileges);
+ }
+
+ /**
+ * Has privileges.
+ *
+ * @param schema schema
* @param table table
* @param privileges privileges
* @return has privileges or not
@@ -49,6 +61,11 @@ public final class DataPrivilege {
|| hasPrivileges0(schema, table, privileges);
}
+ private boolean hasPrivileges0(final String schema, final Collection<PrivilegeType> privileges) {
+ Collection<PrivilegeType> targets = privileges.stream().filter(each -> !globalPrivileges.contains(each)).collect(Collectors.toList());
+ return specificPrivileges.containsKey(schema) && specificPrivileges.get(schema).hasPrivileges(targets);
+ }
+
private boolean hasPrivileges0(final String schema, final String table, final Collection<PrivilegeType> privileges) {
Collection<PrivilegeType> targets = privileges.stream().filter(each -> !globalPrivileges.contains(each)).collect(Collectors.toList());
return specificPrivileges.containsKey(schema) && specificPrivileges.get(schema).hasPrivileges(table, targets);
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/SchemaPrivilege.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/SchemaPrivilege.java
index 3082e77..9dd2e07 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/SchemaPrivilege.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/privilege/data/SchemaPrivilege.java
@@ -43,6 +43,16 @@ public final class SchemaPrivilege {
/**
* Has privileges.
*
+ * @param privileges privileges
+ * @return has privileges or not
+ */
+ public boolean hasPrivileges(final Collection<PrivilegeType> privileges) {
+ return globalPrivileges.containsAll(privileges);
+ }
+
+ /**
+ * Has privileges.
+ *
* @param table table
* @param privileges privileges
* @return has privileges or not
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/user/ShardingSphereUser.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/user/ShardingSphereUser.java
index f56f789..5dd8324 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/user/ShardingSphereUser.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/auth/user/ShardingSphereUser.java
@@ -20,8 +20,6 @@ package org.apache.shardingsphere.infra.auth.user;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
-import java.util.Collection;
-
/**
* ShardingSphere user.
*/
@@ -35,8 +33,6 @@ public final class ShardingSphereUser {
private final String hostname;
- private final Collection<String> authorizedSchemas;
-
/**
* Get grantee.
*
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlEngineUserConfigurationTest.java b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlEngineUserConfigurationTest.java
index 228b3b8..727b3ac 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlEngineUserConfigurationTest.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/config/YamlEngineUserConfigurationTest.java
@@ -31,23 +31,20 @@ public final class YamlEngineUserConfigurationTest {
@Test
public void assertUnmarshal() {
- YamlUserConfiguration actual = YamlEngine.unmarshal("password: pwd\nauthorizedSchemas: db1", YamlUserConfiguration.class);
+ YamlUserConfiguration actual = YamlEngine.unmarshal("password: pwd", YamlUserConfiguration.class);
assertThat(actual.getPassword(), is("pwd"));
- assertThat(actual.getAuthorizedSchemas(), is("db1"));
}
@SuppressWarnings("unchecked")
@Test
public void assertUnmarshalMap() {
- Map<String, Object> actual = (Map<String, Object>) YamlEngine.unmarshal("password: pwd\nauthorizedSchemas: db1", Collections.emptyList());
+ Map<String, Object> actual = (Map<String, Object>) YamlEngine.unmarshal("password: pwd", Collections.emptyList());
assertThat(actual.get("password").toString(), is("pwd"));
- assertThat(actual.get("authorizedSchemas").toString(), is("db1"));
}
@Test
public void assertUnmarshalProperties() {
- Properties actual = YamlEngine.unmarshalWithFilter("password: pwd\nauthorizedSchemas: db1", Properties.class);
- assertThat(actual.getProperty("authorizedSchemas"), is("db1"));
+ Properties actual = YamlEngine.unmarshalWithFilter("password: pwd", Properties.class);
assertThat(actual.getProperty("password"), is("pwd"));
}
@@ -55,7 +52,6 @@ public final class YamlEngineUserConfigurationTest {
public void assertMarshal() {
YamlUserConfiguration actual = new YamlUserConfiguration();
actual.setPassword("pwd");
- actual.setAuthorizedSchemas("db1");
- assertThat(YamlEngine.marshal(actual), is("authorizedSchemas: db1\npassword: pwd\n"));
+ assertThat(YamlEngine.marshal(actual), is("password: pwd\n"));
}
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
index 66bf9a4..d79a03e 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/auth/builtin/yaml/swapper/UserRuleYamlSwapperTest.java
@@ -17,16 +17,15 @@
package org.apache.shardingsphere.infra.auth.builtin.yaml.swapper;
-import org.apache.shardingsphere.infra.auth.user.Grantee;
import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
-import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserRuleConfiguration;
import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserConfiguration;
+import org.apache.shardingsphere.infra.auth.builtin.yaml.config.YamlUserRuleConfiguration;
import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.auth.user.Grantee;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.junit.Test;
import java.util.Collection;
-import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
@@ -41,26 +40,22 @@ public final class UserRuleYamlSwapperTest {
@Test
public void assertSwapToYaml() {
DefaultAuthentication authentication = new DefaultAuthentication(new LinkedHashSet<>());
- authentication.getAuthentication().put(new ShardingSphereUser("user1", "pwd1", "127.0.0.1", Collections.singleton("db1")), new ShardingSpherePrivilege());
- authentication.getAuthentication().put(new ShardingSphereUser("user2", "pwd2", "127.0.0.2", Collections.singleton("db2")), new ShardingSpherePrivilege());
+ authentication.getAuthentication().put(new ShardingSphereUser("user1", "pwd1", "127.0.0.1"), new ShardingSpherePrivilege());
+ authentication.getAuthentication().put(new ShardingSphereUser("user2", "pwd2", "127.0.0.2"), new ShardingSpherePrivilege());
YamlUserRuleConfiguration actual = new UserRuleYamlSwapper().swapToYamlConfiguration(authentication.getAuthentication().keySet());
assertThat(actual.getUsers().size(), is(2));
assertThat(actual.getUsers().get("user1").getPassword(), is("pwd1"));
assertThat(actual.getUsers().get("user1").getHostname(), is("127.0.0.1"));
- assertThat(actual.getUsers().get("user1").getAuthorizedSchemas(), is("db1"));
assertThat(actual.getUsers().get("user2").getPassword(), is("pwd2"));
assertThat(actual.getUsers().get("user2").getHostname(), is("127.0.0.2"));
- assertThat(actual.getUsers().get("user2").getAuthorizedSchemas(), is("db2"));
}
@Test
public void assertSwapToObject() {
YamlUserConfiguration user1 = new YamlUserConfiguration();
user1.setPassword("pwd1");
- user1.setAuthorizedSchemas("db1");
YamlUserConfiguration user2 = new YamlUserConfiguration();
user2.setPassword("pwd2");
- user2.setAuthorizedSchemas("db2,db1");
Map<String, YamlUserConfiguration> users = new HashMap<>(2, 1);
users.put("user1", user1);
users.put("user2", user2);
@@ -69,10 +64,8 @@ public final class UserRuleYamlSwapperTest {
Collection<ShardingSphereUser> actual = new UserRuleYamlSwapper().swapToObject(yamlConfig);
Optional<ShardingSphereUser> actualUser1 = actual.stream().filter(each -> each.getGrantee().equals(new Grantee("user1", ""))).findFirst();
assertTrue(actualUser1.isPresent());
- assertThat(actualUser1.get().getAuthorizedSchemas().size(), is(1));
Optional<ShardingSphereUser> actualUser2 = actual.stream().filter(each -> each.getGrantee().equals(new Grantee("user2", ""))).findFirst();
assertTrue(actualUser2.isPresent());
- assertThat(actualUser2.get().getAuthorizedSchemas().size(), is(2));
}
@Test
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/YamlEngineTest.java b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/YamlEngineTest.java
index 7b06dff..0e382df 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/YamlEngineTest.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/test/java/org/apache/shardingsphere/infra/yaml/engine/YamlEngineTest.java
@@ -80,8 +80,7 @@ public final class YamlEngineTest {
@Test
public void assertUnmarshalProperties() {
- Properties actual = YamlEngine.unmarshalWithFilter("password: pwd\nauthorizedSchemas: db1", Properties.class);
- assertThat(actual.getProperty("authorizedSchemas"), is("db1"));
+ Properties actual = YamlEngine.unmarshalWithFilter("password: pwd", Properties.class);
assertThat(actual.getProperty("password"), is("pwd"));
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
index 258ae3c..45c6b05 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutor.java
@@ -18,7 +18,7 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
import lombok.Getter;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
+import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
import org.apache.shardingsphere.infra.executor.sql.execute.result.query.QueryResultMetaData;
import org.apache.shardingsphere.infra.executor.sql.execute.result.query.impl.raw.metadata.RawQueryResultColumnMetaData;
import org.apache.shardingsphere.infra.executor.sql.execute.result.query.impl.raw.metadata.RawQueryResultMetaData;
@@ -48,11 +48,15 @@ public final class ShowDatabasesExecutor implements DatabaseAdminQueryExecutor {
}
private Collection<Object> getSchemaNames(final BackendConnection backendConnection) {
- Collection<Object> result = new LinkedList<>(ProxyContext.getInstance().getAllSchemaNames());
- Optional<ShardingSphereUser> user = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findUser(backendConnection.getGrantee());
- Collection<String> authorizedSchemas = user.isPresent() ? user.get().getAuthorizedSchemas() : Collections.emptyList();
- if (!authorizedSchemas.isEmpty()) {
- result.retainAll(authorizedSchemas);
+ Optional<ShardingSpherePrivilege> privilege = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
+ if (!privilege.isPresent()) {
+ return Collections.emptyList();
+ }
+ Collection<Object> result = new LinkedList<>();
+ for (String each : ProxyContext.getInstance().getAllSchemaNames()) {
+ if (privilege.get().getDataPrivilege().hasPrivileges(each, Collections.emptyList())) {
+ result.add(each);
+ }
}
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
index 3bcdd5c..8c25918 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/main/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutor.java
@@ -18,7 +18,7 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
import lombok.RequiredArgsConstructor;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
+import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
import org.apache.shardingsphere.proxy.backend.communication.jdbc.connection.BackendConnection;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import org.apache.shardingsphere.proxy.backend.exception.UnknownDatabaseException;
@@ -26,7 +26,6 @@ import org.apache.shardingsphere.proxy.backend.text.admin.executor.DatabaseAdmin
import org.apache.shardingsphere.sql.parser.sql.common.statement.dal.UseStatement;
import org.apache.shardingsphere.sql.parser.sql.common.util.SQLUtil;
-import java.util.Collection;
import java.util.Collections;
import java.util.Optional;
@@ -48,8 +47,7 @@ public final class UseDatabaseExecutor implements DatabaseAdminExecutor {
}
private boolean isAuthorizedSchema(final BackendConnection backendConnection, final String schema) {
- Optional<ShardingSphereUser> user = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findUser(backendConnection.getGrantee());
- Collection<String> authorizedSchemas = user.isPresent() ? user.get().getAuthorizedSchemas() : Collections.emptyList();
- return authorizedSchemas.isEmpty() || authorizedSchemas.contains(schema);
+ Optional<ShardingSpherePrivilege> privilege = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
+ return privilege.isPresent() && privilege.get().getDataPrivilege().hasPrivileges(schema, Collections.emptyList());
}
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutorTest.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutorTest.java
index d6332e6..8d48429 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutorTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowDatabasesExecutorTest.java
@@ -17,10 +17,10 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
-import org.apache.shardingsphere.infra.auth.user.Grantee;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.auth.user.Grantee;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.config.properties.ConfigurationProperties;
import org.apache.shardingsphere.infra.context.metadata.impl.StandardMetaDataContexts;
import org.apache.shardingsphere.infra.database.type.dialect.MySQLDatabaseType;
@@ -36,7 +36,6 @@ import org.mockito.junit.MockitoJUnitRunner;
import java.lang.reflect.Field;
import java.sql.SQLException;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -77,7 +76,7 @@ public final class ShowDatabasesExecutorTest {
private DefaultAuthentication getAuthentication() {
DefaultAuthentication result = new DefaultAuthentication();
- result.getAuthentication().put(new ShardingSphereUser("root", "root", "", Arrays.asList(String.format(SCHEMA_PATTERN, 0), String.format(SCHEMA_PATTERN, 1))),
+ result.getAuthentication().put(new ShardingSphereUser("root", "root", ""),
new ShardingSpherePrivilege());
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowTablesExecutorTest.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowTablesExecutorTest.java
index 1232fce..4205d54 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowTablesExecutorTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/ShowTablesExecutorTest.java
@@ -17,10 +17,10 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
-import org.apache.shardingsphere.infra.auth.user.Grantee;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.auth.user.Grantee;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.config.properties.ConfigurationProperties;
import org.apache.shardingsphere.infra.context.metadata.impl.StandardMetaDataContexts;
import org.apache.shardingsphere.infra.database.type.dialect.MySQLDatabaseType;
@@ -33,7 +33,6 @@ import org.junit.Test;
import java.lang.reflect.Field;
import java.sql.SQLException;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
@@ -72,7 +71,7 @@ public final class ShowTablesExecutorTest {
private DefaultAuthentication getAuthentication() {
DefaultAuthentication result = new DefaultAuthentication();
- result.getAuthentication().put(new ShardingSphereUser("root", "root", "", Arrays.asList(String.format(SCHEMA_PATTERN, 0), String.format(SCHEMA_PATTERN, 1))),
+ result.getAuthentication().put(new ShardingSphereUser("root", "root", ""),
new ShardingSpherePrivilege());
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutorTest.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutorTest.java
index f8ea0a3..8ada5d3 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutorTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/admin/mysql/executor/UseDatabaseExecutorTest.java
@@ -17,9 +17,9 @@
package org.apache.shardingsphere.proxy.backend.text.admin.mysql.executor;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.config.properties.ConfigurationProperties;
import org.apache.shardingsphere.infra.context.metadata.impl.StandardMetaDataContexts;
import org.apache.shardingsphere.infra.database.type.dialect.H2DatabaseType;
@@ -35,7 +35,6 @@ import org.junit.runner.RunWith;
import org.mockito.junit.MockitoJUnitRunner;
import java.lang.reflect.Field;
-import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
@@ -76,7 +75,7 @@ public final class UseDatabaseExecutorTest {
private DefaultAuthentication getAuthentication() {
DefaultAuthentication result = new DefaultAuthentication();
- result.getAuthentication().put(new ShardingSphereUser("root", "root", "", Arrays.asList(String.format(SCHEMA_PATTERN, 0), String.format(SCHEMA_PATTERN, 1))),
+ result.getAuthentication().put(new ShardingSphereUser("root", "root", ""),
new ShardingSpherePrivilege());
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/SchemaAssignedDatabaseBackendHandlerTest.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/SchemaAssignedDatabaseBackendHandlerTest.java
index 2e88c29..3b936bf 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/SchemaAssignedDatabaseBackendHandlerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/SchemaAssignedDatabaseBackendHandlerTest.java
@@ -18,9 +18,9 @@
package org.apache.shardingsphere.proxy.backend.text.data.impl;
import lombok.SneakyThrows;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.config.properties.ConfigurationProperties;
import org.apache.shardingsphere.infra.context.metadata.impl.StandardMetaDataContexts;
import org.apache.shardingsphere.infra.database.type.DatabaseType;
@@ -44,7 +44,6 @@ import org.mockito.junit.MockitoJUnitRunner;
import java.lang.reflect.Field;
import java.sql.SQLException;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
@@ -109,7 +108,7 @@ public final class SchemaAssignedDatabaseBackendHandlerTest {
private DefaultAuthentication getAuthentication() {
DefaultAuthentication result = new DefaultAuthentication();
- result.getAuthentication().put(new ShardingSphereUser("root", "root", "", Arrays.asList(String.format(SCHEMA_PATTERN, 0), String.format(SCHEMA_PATTERN, 1))),
+ result.getAuthentication().put(new ShardingSphereUser("root", "root", ""),
new ShardingSpherePrivilege());
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/UnicastDatabaseBackendHandlerTest.java b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/UnicastDatabaseBackendHandlerTest.java
index a398ece..b18a309 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/UnicastDatabaseBackendHandlerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-backend/src/test/java/org/apache/shardingsphere/proxy/backend/text/data/impl/UnicastDatabaseBackendHandlerTest.java
@@ -18,9 +18,9 @@
package org.apache.shardingsphere.proxy.backend.text.data.impl;
import lombok.SneakyThrows;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.auth.builtin.DefaultAuthentication;
import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.config.properties.ConfigurationProperties;
import org.apache.shardingsphere.infra.context.metadata.impl.StandardMetaDataContexts;
import org.apache.shardingsphere.infra.database.type.dialect.H2DatabaseType;
@@ -42,7 +42,6 @@ import org.mockito.junit.MockitoJUnitRunner;
import java.lang.reflect.Field;
import java.sql.SQLException;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
@@ -99,7 +98,7 @@ public final class UnicastDatabaseBackendHandlerTest {
private DefaultAuthentication getAuthentication() {
DefaultAuthentication result = new DefaultAuthentication();
- result.getAuthentication().put(new ShardingSphereUser("root", "root", "", Arrays.asList(String.format(SCHEMA_PATTERN, 0), String.format(SCHEMA_PATTERN, 1))),
+ result.getAuthentication().put(new ShardingSphereUser("root", "root", ""),
new ShardingSpherePrivilege());
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/main/resources/conf/server.yaml b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/main/resources/conf/server.yaml
index 03b1b57..e29a828 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/main/resources/conf/server.yaml
+++ b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/main/resources/conf/server.yaml
@@ -39,7 +39,6 @@
# password: root
# sharding:
# password: sharding
-# authorizedSchemas: sharding_db
#
#scaling:
# blockQueueSize: 10000
diff --git a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/GovernanceBootstrapInitializerTest.java b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/GovernanceBootstrapInitializerTest.java
index e3cfa0c..351652c 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/GovernanceBootstrapInitializerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/GovernanceBootstrapInitializerTest.java
@@ -200,12 +200,9 @@ public final class GovernanceBootstrapInitializerTest extends AbstractBootstrapI
Optional<ShardingSphereUser> rootUser = actual.findUser(new Grantee("root", ""));
assertTrue(rootUser.isPresent());
assertThat(rootUser.get().getPassword(), is("root"));
- assertThat(rootUser.get().getAuthorizedSchemas().size(), is(0));
Optional<ShardingSphereUser> shardingUser = actual.findUser(new Grantee("sharding", ""));
assertTrue(shardingUser.isPresent());
assertThat(shardingUser.get().getPassword(), is("sharding"));
- assertThat(shardingUser.get().getAuthorizedSchemas().size(), is(1));
- assertTrue(shardingUser.get().getAuthorizedSchemas().contains("sharding_db"));
}
@Test
diff --git a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/StandardBootstrapInitializerTest.java b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/StandardBootstrapInitializerTest.java
index c5b4511..f3ee0c6 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/StandardBootstrapInitializerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/java/org/apache/shardingsphere/proxy/initializer/impl/StandardBootstrapInitializerTest.java
@@ -152,9 +152,6 @@ public final class StandardBootstrapInitializerTest extends AbstractBootstrapIni
Optional<ShardingSphereUser> rootUser = actual.findUser(new Grantee("root", ""));
assertTrue(rootUser.isPresent());
assertThat(rootUser.get().getPassword(), is("root"));
- assertThat(rootUser.get().getAuthorizedSchemas().size(), is(2));
- assertTrue(rootUser.get().getAuthorizedSchemas().contains("ds-1"));
- assertTrue(rootUser.get().getAuthorizedSchemas().contains("ds-2"));
}
private YamlProxyServerConfiguration createYamlProxyServerConfiguration() {
@@ -182,7 +179,6 @@ public final class StandardBootstrapInitializerTest extends AbstractBootstrapIni
private YamlUserConfiguration createYamlUserConfiguration() {
YamlUserConfiguration result = new YamlUserConfiguration();
result.setPassword("root");
- result.setAuthorizedSchemas("ds-1,ds-2");
return result;
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/local/server.yaml b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/local/server.yaml
index 22e3afc..418d103 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/local/server.yaml
+++ b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/local/server.yaml
@@ -41,7 +41,6 @@ authentication:
password: root
sharding:
password: sharding
- authorizedSchemas: sharding_db
props:
alpha-1: alpha-A
diff --git a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/reg_center/config_center/authentication.yaml b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/reg_center/config_center/authentication.yaml
index 73fc136..be3a01c 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/reg_center/config_center/authentication.yaml
+++ b/shardingsphere-proxy/shardingsphere-proxy-bootstrap/src/test/resources/conf/reg_center/config_center/authentication.yaml
@@ -20,4 +20,3 @@ users:
password: root
sharding:
password: sharding
- authorizedSchemas: sharding_db
diff --git a/shardingsphere-proxy/shardingsphere-proxy-common/src/test/java/org/apache/shardingsphere/proxy/config/yaml/swapper/YamlProxyConfigurationSwapperTest.java b/shardingsphere-proxy/shardingsphere-proxy-common/src/test/java/org/apache/shardingsphere/proxy/config/yaml/swapper/YamlProxyConfigurationSwapperTest.java
index afaf511..911354c 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-common/src/test/java/org/apache/shardingsphere/proxy/config/yaml/swapper/YamlProxyConfigurationSwapperTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-common/src/test/java/org/apache/shardingsphere/proxy/config/yaml/swapper/YamlProxyConfigurationSwapperTest.java
@@ -108,10 +108,7 @@ public final class YamlProxyConfigurationSwapperTest {
Optional<ShardingSphereUser> user = authentication.findUser(new Grantee("user1", ""));
assertTrue(user.isPresent());
assertThat(user.get().getPassword(), is("pass"));
- Collection<String> authorizedSchemas = user.get().getAuthorizedSchemas();
assertNotNull(authentication);
- assertThat(authorizedSchemas.size(), is(1));
- assertTrue(authorizedSchemas.contains("db1"));
}
private YamlProxyConfiguration getYamlProxyConfiguration() {
@@ -217,7 +214,6 @@ public final class YamlProxyConfigurationSwapperTest {
Map<String, YamlUserConfiguration> yamlUserConfigurationMap = new HashMap<>(1, 1);
YamlUserConfiguration yamlUserConfig = mock(YamlUserConfiguration.class);
when(yamlUserConfig.getPassword()).thenReturn("pass");
- when(yamlUserConfig.getAuthorizedSchemas()).thenReturn("db1");
yamlUserConfigurationMap.put("user1", yamlUserConfig);
YamlUserRuleConfiguration userRuleConfiguration = mock(YamlUserRuleConfiguration.class);
when(userRuleConfiguration.getUsers()).thenReturn(yamlUserConfigurationMap);
diff --git a/shardingsphere-proxy/shardingsphere-proxy-common/src/test/resources/conf/server.yaml b/shardingsphere-proxy/shardingsphere-proxy-common/src/test/resources/conf/server.yaml
index ae900ce..81b932d 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-common/src/test/resources/conf/server.yaml
+++ b/shardingsphere-proxy/shardingsphere-proxy-common/src/test/resources/conf/server.yaml
@@ -26,7 +26,6 @@ authentication:
users:
root:
password: root
- authorizedSchemas: sharding_db,replica_query_db
props:
max-connections-size-per-query: 1
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
index 2de2358..2424b74 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandler.java
@@ -20,7 +20,6 @@ package org.apache.shardingsphere.proxy.frontend.mysql.auth;
import com.google.common.base.Strings;
import lombok.Getter;
import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.commons.collections4.CollectionUtils;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
import org.apache.shardingsphere.infra.auth.user.Grantee;
@@ -28,7 +27,7 @@ import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import java.util.Arrays;
-import java.util.Collection;
+import java.util.Collections;
import java.util.Optional;
/**
@@ -55,7 +54,7 @@ public final class MySQLAuthenticationHandler {
if (!user.isPresent() || !isPasswordRight(user.get().getPassword(), authResponse)) {
return Optional.of(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR);
}
- if (!isAuthorizedSchema(user.get().getAuthorizedSchemas(), database)) {
+ if (!ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get()).getDataPrivilege().hasPrivileges(database, Collections.emptyList())) {
return Optional.of(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR);
}
return Optional.empty();
@@ -65,10 +64,6 @@ public final class MySQLAuthenticationHandler {
return Strings.isNullOrEmpty(password) || Arrays.equals(getAuthCipherBytes(password), authResponse);
}
- private boolean isAuthorizedSchema(final Collection<String> authorizedSchemas, final String schema) {
- return Strings.isNullOrEmpty(schema) || CollectionUtils.isEmpty(authorizedSchemas) || authorizedSchemas.contains(schema);
- }
-
private byte[] getAuthCipherBytes(final String password) {
byte[] sha1Password = DigestUtils.sha1(password);
byte[] doubleSha1Password = DigestUtils.sha1(sha1Password);
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
index 50e1f3f..a7e7b44 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/main/java/org/apache/shardingsphere/proxy/frontend/mysql/command/admin/initdb/MySQLComInitDbExecutor.java
@@ -21,7 +21,7 @@ import lombok.RequiredArgsConstructor;
import org.apache.shardingsphere.db.protocol.mysql.packet.command.admin.initdb.MySQLComInitDbPacket;
import org.apache.shardingsphere.db.protocol.mysql.packet.generic.MySQLOKPacket;
import org.apache.shardingsphere.db.protocol.packet.DatabasePacket;
-import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
+import org.apache.shardingsphere.infra.auth.privilege.ShardingSpherePrivilege;
import org.apache.shardingsphere.proxy.backend.communication.jdbc.connection.BackendConnection;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import org.apache.shardingsphere.proxy.backend.exception.UnknownDatabaseException;
@@ -53,8 +53,7 @@ public final class MySQLComInitDbExecutor implements CommandExecutor {
}
private boolean isAuthorizedSchema(final String schema) {
- Optional<ShardingSphereUser> user = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findUser(backendConnection.getGrantee());
- Collection<String> authorizedSchemas = user.isPresent() ? user.get().getAuthorizedSchemas() : Collections.emptyList();
- return authorizedSchemas.isEmpty() || authorizedSchemas.contains(schema);
+ Optional<ShardingSpherePrivilege> privilege = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findPrivilege(backendConnection.getGrantee());
+ return privilege.isPresent() && privilege.get().getDataPrivilege().hasPrivileges(schema, Collections.emptyList());
}
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/MySQLFrontendEngineTest.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/MySQLFrontendEngineTest.java
index 4c93dd5..1247705 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/MySQLFrontendEngineTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/MySQLFrontendEngineTest.java
@@ -104,7 +104,7 @@ public final class MySQLFrontendEngineTest {
@Test
public void assertAuthWhenLoginSuccess() {
setConnectionPhase(MySQLConnectionPhase.AUTH_PHASE_FAST_PATH);
- ShardingSphereUser user = new ShardingSphereUser("root", "", "", Collections.singleton("db1"));
+ ShardingSphereUser user = new ShardingSphereUser("root", "", "");
setAuthentication(user);
when(payload.readStringNul()).thenReturn("root");
when(payload.readStringNulByBytes()).thenReturn("root".getBytes());
@@ -120,7 +120,7 @@ public final class MySQLFrontendEngineTest {
@Test
public void assertAuthWhenLoginFailure() {
setConnectionPhase(MySQLConnectionPhase.AUTH_PHASE_FAST_PATH);
- ShardingSphereUser user = new ShardingSphereUser("root", "error", "", Collections.singleton("db1"));
+ ShardingSphereUser user = new ShardingSphereUser("root", "error", "");
setAuthentication(user);
when(payload.readStringNul()).thenReturn("root");
when(payload.readStringNulByBytes()).thenReturn("root".getBytes());
@@ -136,7 +136,7 @@ public final class MySQLFrontendEngineTest {
@Test
public void assertErrorMsgWhenLoginFailure() throws UnknownHostException {
setConnectionPhase(MySQLConnectionPhase.AUTH_PHASE_FAST_PATH);
- ShardingSphereUser user = new ShardingSphereUser("root", "error", "", Collections.singleton("db1"));
+ ShardingSphereUser user = new ShardingSphereUser("root", "error", "");
setAuthentication(user);
when(payload.readStringNul()).thenReturn("root");
when(payload.readStringNulByBytes()).thenReturn("root".getBytes());
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java
index d81256b..8154006 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java
@@ -73,35 +73,35 @@ public final class MySQLAuthenticationHandlerTest {
@Test
public void assertLoginWithPassword() {
- setAuthentication(new ShardingSphereUser("root", "root", "", Collections.singleton("db1")));
+ setAuthentication(new ShardingSphereUser("root", "root", ""));
byte[] authResponse = {-27, 89, -20, -27, 65, -120, -64, -101, 86, -100, -108, -100, 6, -125, -37, 117, 14, -43, 95, -113};
assertFalse(authenticationHandler.login("root", "", authResponse, "db1").isPresent());
}
@Test
public void assertLoginWithAbsentUser() {
- setAuthentication(new ShardingSphereUser("root", "root", "", Collections.singleton("db1")));
+ setAuthentication(new ShardingSphereUser("root", "root", ""));
byte[] authResponse = {-27, 89, -20, -27, 65, -120, -64, -101, 86, -100, -108, -100, 6, -125, -37, 117, 14, -43, 95, -113};
assertThat(authenticationHandler.login("root1", "", authResponse, "db1").orElse(null), is(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR));
}
@Test
public void assertLoginWithIncorrectPassword() {
- setAuthentication(new ShardingSphereUser("root", "root", "", Collections.singleton("db1")));
+ setAuthentication(new ShardingSphereUser("root", "root", ""));
byte[] authResponse = {0, 89, -20, -27, 65, -120, -64, -101, 86, -100, -108, -100, 6, -125, -37, 117, 14, -43, 95, -113};
assertThat(authenticationHandler.login("root", "", authResponse, "db1").orElse(null), is(MySQLServerErrorCode.ER_ACCESS_DENIED_ERROR));
}
@Test
public void assertLoginWithoutPassword() {
- setAuthentication(new ShardingSphereUser("root", null, "", null));
+ setAuthentication(new ShardingSphereUser("root", null, ""));
byte[] authResponse = {};
assertFalse(authenticationHandler.login("root", "", authResponse, "db1").isPresent());
}
@Test
public void assertLoginWithUnauthorizedSchema() {
- setAuthentication(new ShardingSphereUser("root", "root", "", Collections.singleton("db1")));
+ setAuthentication(new ShardingSphereUser("root", "root", ""));
byte[] authResponse = {-27, 89, -20, -27, 65, -120, -64, -101, 86, -100, -108, -100, 6, -125, -37, 117, 14, -43, 95, -113};
assertThat(authenticationHandler.login("root", "", authResponse, "db2").orElse(null), is(MySQLServerErrorCode.ER_DBACCESS_DENIED_ERROR));
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
index 6cf9b5c..03a5621 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
@@ -17,12 +17,10 @@
package org.apache.shardingsphere.proxy.frontend.postgresql.auth;
-import com.google.common.base.Strings;
import lombok.AccessLevel;
import lombok.NoArgsConstructor;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.commons.collections4.CollectionUtils;
import org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLErrorCode;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
import org.apache.shardingsphere.infra.auth.user.Grantee;
@@ -30,7 +28,7 @@ import org.apache.shardingsphere.infra.auth.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
import java.security.MessageDigest;
-import java.util.Collection;
+import java.util.Collections;
import java.util.Optional;
/**
@@ -58,7 +56,7 @@ public final class PostgreSQLAuthenticationHandler {
if (!expectedMd5Digest.equals(md5Digest)) {
return new PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_PASSWORD, String.format("password authentication failed for user \"%s\"", username));
}
- if (!isAuthorizedSchema(user.get().getAuthorizedSchemas(), databaseName)) {
+ if (!ProxyContext.getInstance().getMetaDataContexts().getAuthentication().getAuthentication().get(user.get()).getDataPrivilege().hasPrivileges(databaseName, Collections.emptyList())) {
return new PostgreSQLLoginResult(PostgreSQLErrorCode.PRIVILEGE_NOT_GRANTED, String.format("Access denied for user '%s' to database '%s'", username, databaseName));
}
return new PostgreSQLLoginResult(PostgreSQLErrorCode.SUCCESSFUL_COMPLETION, null);
@@ -71,8 +69,4 @@ public final class PostgreSQLAuthenticationHandler {
messageDigest.update(md5Salt);
return "md5" + new String(Hex.encodeHex(messageDigest.digest(), true));
}
-
- private static boolean isAuthorizedSchema(final Collection<String> authorizedSchemas, final String schema) {
- return Strings.isNullOrEmpty(schema) || CollectionUtils.isEmpty(authorizedSchemas) || authorizedSchemas.contains(schema);
- }
}
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/test/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationEngineTest.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/test/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationEngineTest.java
index 76d4ff8..62bf5fe 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/test/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationEngineTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/test/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationEngineTest.java
@@ -118,17 +118,15 @@ public final class PostgreSQLAuthenticationEngineTest {
verify(channelHandlerContext).writeAndFlush(argumentCaptor.capture());
PostgreSQLAuthenticationMD5PasswordPacket md5PasswordPacket = argumentCaptor.getValue();
byte[] md5Salt = getMd5Salt(md5PasswordPacket);
-
payload = new PostgreSQLPacketPayload(createByteBuf(16, 128));
String md5Digest = md5Encode(username, inputPassword, md5Salt);
payload.writeInt1('p');
payload.writeInt4(4 + md5Digest.length() + 1);
payload.writeStringNul(md5Digest);
-
ProxyContext proxyContext = ProxyContext.getInstance();
StandardMetaDataContexts standardMetaDataContexts = new StandardMetaDataContexts();
((DefaultAuthentication) standardMetaDataContexts.getAuthentication()).getAuthentication().put(
- new ShardingSphereUser(username, password, "", null), new ShardingSpherePrivilege());
+ new ShardingSphereUser(username, password, ""), new ShardingSpherePrivilege());
proxyContext.init(standardMetaDataContexts, mock(TransactionContexts.class));
actual = engine.auth(channelHandlerContext, payload);
assertThat(actual.isFinished(), is(password.equals(inputPassword)));