You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by dm...@apache.org on 2016/12/21 16:05:54 UTC
[2/2] ambari git commit: AMBARI-19235. 'Cluster User' role issue
after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)
AMBARI-19235. 'Cluster User' role issue after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/585c2b87
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/585c2b87
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/585c2b87
Branch: refs/heads/branch-2.5
Commit: 585c2b87775c868f0d3df60bf3aac26649f8fe05
Parents: cafe61c
Author: Lisnichenko Dmitro <dl...@hortonworks.com>
Authored: Wed Dec 21 18:05:18 2016 +0200
Committer: Lisnichenko Dmitro <dl...@hortonworks.com>
Committed: Wed Dec 21 18:05:18 2016 +0200
----------------------------------------------------------------------
.../AmbariLdapAuthoritiesPopulator.java | 21 ++----
...ariAuthorizationProviderDisableUserTest.java | 2 +-
.../TestAmbariLdapAuthoritiesPopulator.java | 70 +++-----------------
3 files changed, 16 insertions(+), 77 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/585c2b87/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
index b3be046..92037fc 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
@@ -19,14 +19,10 @@ package org.apache.ambari.server.security.authorization;
import java.util.Collection;
import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.MemberEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.slf4j.Logger;
@@ -47,14 +43,17 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
UserDAO userDAO;
MemberDAO memberDAO;
PrivilegeDAO privilegeDAO;
+ Users users;
@Inject
public AmbariLdapAuthoritiesPopulator(AuthorizationHelper authorizationHelper,
- UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO) {
+ UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO,
+ Users users) {
this.authorizationHelper = authorizationHelper;
this.userDAO = userDAO;
this.memberDAO = memberDAO;
this.privilegeDAO = privilegeDAO;
+ this.users = users;
}
@Override
@@ -74,18 +73,8 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
if(!user.getActive()){
throw new InvalidUsernamePasswordCombinationException();
}
- // get all of the privileges for the user
- List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
- principalEntities.add(user.getPrincipal());
-
- List<MemberEntity> memberEntities = memberDAO.findAllMembersByUser(user);
-
- for (MemberEntity memberEntity : memberEntities) {
- principalEntities.add(memberEntity.getGroup().getPrincipal());
- }
-
- List<PrivilegeEntity> privilegeEntities = privilegeDAO.findAllByPrincipal(principalEntities);
+ Collection<PrivilegeEntity> privilegeEntities = users.getUserPrivileges(user);
return authorizationHelper.convertPrivilegesToAuthorities(privilegeEntities);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/585c2b87/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
index 90d4be0..6b98a5b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
@@ -58,7 +58,7 @@ public class AmbariAuthorizationProviderDisableUserTest {
alup = new AmbariLocalUserProvider(userDAO, users, encoder);
- ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao, privilegeDao);
+ ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao, privilegeDao, users);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/585c2b87/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
index 0ba766b..cf6cd32 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
@@ -17,15 +17,15 @@
*/
package org.apache.ambari.server.security.authorization;
+import static org.easymock.EasyMock.expect;
+
+import java.util.Collections;
+
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.GroupEntity;
-import org.apache.ambari.server.orm.entities.MemberEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
-import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.Before;
import org.junit.Test;
@@ -35,25 +35,17 @@ import org.powermock.core.classloader.annotations.PrepareForTest;
import org.powermock.modules.junit4.PowerMockRunner;
import org.springframework.ldap.core.DirContextOperations;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import static org.easymock.EasyMock.*;
-
@RunWith(PowerMockRunner.class) // Allow mocking static methods
@PrepareForTest(AuthorizationHelper.class) // This class has a static method that will be mocked
public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
AuthorizationHelper helper = new AuthorizationHelper();
UserDAO userDAO = createMock(UserDAO.class);
+ Users users = createMock(Users.class);
MemberDAO memberDAO = createMock(MemberDAO.class);
PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
DirContextOperations userData = createMock(DirContextOperations.class);
UserEntity userEntity = createMock(UserEntity.class);
- PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
- PrincipalEntity groupPrincipalEntity = createMock(PrincipalEntity.class);
- MemberEntity memberEntity = createMock(MemberEntity.class);
- GroupEntity groupEntity = createMock(GroupEntity.class);
PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
@Before
@@ -63,21 +55,14 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
}
@Test
- public void testGetGrantedAuthorities_mappingDisabled() throws Exception {
+ public void testGetGrantedAuthorities() throws Exception {
String username = "user";
AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
+ .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock();
- expect(userEntity.getPrincipal()).andReturn(principalEntity);
expect(userEntity.getActive()).andReturn(true);
- expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
- expect(memberEntity.getGroup()).andReturn(groupEntity);
- expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
- List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
- principalEntityList.add(principalEntity);
- principalEntityList.add(groupPrincipalEntity);
- expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
+ expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity));
expect(userDAO.findLdapUserByName(username)).andReturn(userEntity);
replayAll();
@@ -89,34 +74,6 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
}
@Test
- public void testGetGrantedAuthorities_mappingEnabled() throws Exception {
-
- AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
-
- expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(userEntity.getActive()).andReturn(true);
- expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).anyTimes();
- expect(memberEntity.getGroup()).andReturn(groupEntity).anyTimes();
- expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity).anyTimes();
- List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
- principalEntityList.add(principalEntity);
- principalEntityList.add(groupPrincipalEntity);
- expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes();
-
- expect(userDAO.findLdapUserByName(EasyMock.<String> anyObject())).andReturn(null).andReturn(userEntity).once();
-
- replayAll();
-
- //test with admin user
- populator.getGrantedAuthorities(userData, "admin");
- //test with non-admin
- populator.getGrantedAuthorities(userData, "user");
-
- verifyAll();
- }
-
- @Test
public void testGetGrantedAuthoritiesWithLoginAlias() throws Exception {
// Given
String loginAlias = "testLoginAlias@testdomain.com";
@@ -128,17 +85,10 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
PowerMock.replay(AuthorizationHelper.class);
AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
+ .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock();
- expect(userEntity.getPrincipal()).andReturn(principalEntity);
expect(userEntity.getActive()).andReturn(true);
- expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
- expect(memberEntity.getGroup()).andReturn(groupEntity);
- expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
- List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
- principalEntityList.add(principalEntity);
- principalEntityList.add(groupPrincipalEntity);
- expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
+ expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity));
expect(userDAO.findLdapUserByName(ambariUserName)).andReturn(userEntity); // user should be looked up by user name instead of login alias