Posted to commits@sqoop.apache.org by ab...@apache.org on 2015/01/28 04:02:12 UTC
sqoop git commit: SQOOP-1981: Sqoop2: Default implementation of RBAC
in Sqoop
Repository: sqoop
Updated Branches:
refs/heads/sqoop2 2b4db8023 -> d7ba495af
SQOOP-1981: Sqoop2: Default implementation of RBAC in Sqoop
(Richard Zhou via Abraham Elmahrek)
Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/d7ba495a
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/d7ba495a
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/d7ba495a
Branch: refs/heads/sqoop2
Commit: d7ba495af784a49f0027cb1b0251163bc9e55bbe
Parents: 2b4db80
Author: Abraham Elmahrek <ab...@apache.org>
Authored: Tue Jan 27 19:01:37 2015 -0800
Committer: Abraham Elmahrek <ab...@apache.org>
Committed: Tue Jan 27 19:01:37 2015 -0800
----------------------------------------------------------------------
.../java/org/apache/sqoop/model/MPrincipal.java | 80 +++++++
.../java/org/apache/sqoop/model/MPrivilege.java | 112 +++++++++
.../java/org/apache/sqoop/model/MResource.java | 80 +++++++
.../main/java/org/apache/sqoop/model/MRole.java | 66 ++++++
.../security/AuthorizationAccessController.java | 92 +++++++-
.../sqoop/security/AuthorizationHandler.java | 103 ++++++--
.../sqoop/security/AuthorizationManager.java | 30 +--
.../sqoop/security/AuthorizationValidator.java | 8 +-
.../DefaultAuthorizationAccessController.java | 232 +++++++++++++++++++
.../DefaultAuthorizationHandler.java | 214 ++++++++++++++++-
.../DefaultAuthorizationValidator.java | 13 ++
11 files changed, 984 insertions(+), 46 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
new file mode 100644
index 0000000..061ffe5
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire principal object which used in principal based authorization controller
+ */
+public class MPrincipal {
+
+ private final String id;
+ private final String name;
+ /**
+ * Currently, the type supports user, group and role.
+ */
+ private final String type;
+
+ /**
+ * Default constructor to build new MPrincipal model.
+ *
+ * @param id Principal id
+ * @param name Principal name
+ * @param type Principal type
+ */
+ public MPrincipal(String id,
+ String name,
+ String type) {
+ this.id = id;
+ this.name = name;
+ this.type = type;
+ }
+
+ /**
+ * Constructor to build new MPrincipal model.
+ *
+ * @param name Principal name
+ * @param type Principal type
+ */
+ public MPrincipal(String name,
+ String type) {
+ this(null, name, type);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Principal (");
+ sb.append("Principal id: ").append(this.id);
+ sb.append(", Principal name: ").append(this.name);
+ sb.append(", Principal type: ").append(this.type);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getType() {
+ return type;
+ }
+}
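Review bot: `type` is accepted as an arbitrary String by both constructors, although the field comment says only user, group and role are supported. In an authorization model a misspelt or differently cased value would be stored without complaint and could later fail to match when principals are compared, so I would make it an enum (for example `public enum TYPE { USER, GROUP, ROLE }`) or validate it in the three-argument constructor. The same applies to `MResource.type` and `MPrivilege.action` in the following files. If the fields must stay Strings, the comment should state the exact accepted spellings and whether matching is case-sensitive.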
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
new file mode 100644
index 0000000..7d656ec
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire privilege object which used in privilege based authorization controller
+ */
+public class MPrivilege {
+
+ private final String id;
+ private final String name;
+ private final MResource resource;
+ /**
+ * Currently, the action supports view, use, create, update, delete and enable_disable.
+ */
+ private final String action;
+ private final boolean with_grant_option;
+
+
+ /**
+ * Default constructor to build new MPrivilege model.
+ *
+ * @param id Privilege id
+ * @param name Privilege name
+ * @param resource Privilege resource
+ * @param action Privilege action
+ * @param with_grant_option Privilege with_grant_option
+ */
+ public MPrivilege(String id,
+ String name,
+ MResource resource,
+ String action,
+ boolean with_grant_option) {
+ this.id = id;
+ this.name = name;
+ this.resource = resource;
+ this.action = action;
+ this.with_grant_option = with_grant_option;
+ }
+
+ /**
+ * Constructor to build new MPrivilege model.
+ *
+ * @param name Privilege name
+ * @param resource Privilege resource
+ * @param action Privilege action
+ */
+ public MPrivilege(String name,
+ MResource resource,
+ String action) {
+ this(null, name, resource, action, false);
+ }
+
+ /**
+ * Constructor to build new MPrivilege model.
+ *
+ * @param resource Privilege resource
+ * @param action Privilege action
+ */
+ public MPrivilege(MResource resource,
+ String action) {
+ this(null, resource, action);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Privilege (");
+ sb.append("Privilege id: ").append(this.id);
+ sb.append(", Privilege name: ").append(this.name);
+ sb.append(", Privilege resource: ").append(this.getResource().toString());
+ sb.append(", Privilege action: ").append(this.action);
+ sb.append(", Privilege with_grant_option: ").append(this.with_grant_option);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public MResource getResource() {
+ return resource;
+ }
+
+ public String getAction() {
+ return action;
+ }
+
+ public boolean isWith_grant_option() {
+ return with_grant_option;
+ }
+}
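Review bot: `toString()` dereferences the resource with `this.getResource().toString()`, so a privilege built with a null resource throws NullPointerException as soon as it is printed, and none of the constructors rejects null. The default access controller in this commit logs its arguments with `privilege.toString()` at debug level, so a logging statement can become the failure point of the operation. `sb.append(", Privilege resource: ").append(this.resource);` prints `null` safely, like the other fields; alternatively reject a null resource in the five-argument constructor.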
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MResource.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MResource.java b/common/src/main/java/org/apache/sqoop/model/MResource.java
new file mode 100644
index 0000000..8e519e5
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MResource.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire resource object which used in resource based authorization controller
+ */
+public class MResource {
+
+ private final String id;
+ private final String name;
+ /**
+ * Currently, the type supports connector, link, job and submission.
+ */
+ private final String type;
+
+ /**
+ * Default constructor to build new MResource model.
+ *
+ * @param id Resource id
+ * @param name Resource name
+ * @param type Resource type
+ */
+ public MResource(String id,
+ String name,
+ String type) {
+ this.id = id;
+ this.name = name;
+ this.type = type;
+ }
+
+ /**
+ * Constructor to build new MResource model.
+ *
+ * @param name Resource name
+ * @param type Resource type
+ */
+ public MResource(String name,
+ String type) {
+ this(null, name, type);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Resource (");
+ sb.append("Resource id: ").append(this.id);
+ sb.append(", Resource name: ").append(this.name);
+ sb.append(", Resource type: ").append(this.type);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getType() {
+ return type;
+ }
+}
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MRole.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MRole.java b/common/src/main/java/org/apache/sqoop/model/MRole.java
new file mode 100644
index 0000000..359fa09
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MRole.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire role object which used in role based authorization controller
+ */
+public class MRole {
+
+ private final String id;
+ private final String name;
+
+ /**
+ * Default constructor to build new MRole model.
+ *
+ * @param id Role id
+ * @param name Role name
+ */
+ public MRole(String id,
+ String name) {
+ this.id = id;
+ this.name = name;
+ }
+
+ /**
+ * Constructor to build new MRole model.
+ *
+ * @param name Role name
+ */
+ public MRole(String name) {
+ this(null, name);
+ }
+
+ @Override
+ public String toString() {
+ StringBuilder sb = new StringBuilder("Role (");
+ sb.append("Role id: ").append(this.id);
+ sb.append(", Role name: ").append(this.name);
+ sb.append(" )");
+
+ return sb.toString();
+ }
+
+ public String getId() {
+ return id;
+ }
+
+ public String getName() {
+ return name;
+ }
+}
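Review bot: MRole defines no `equals`/`hashCode`, so two instances with the same name compare by identity; MPrincipal, MPrivilege and MResource are in the same position. The controller API added in this commit passes these objects in lists, e.g. `revokeRole(List<MPrincipal> principals, List<MRole> roles)`, and an implementation that uses `contains`, `remove` or a hash-based collection on them would presumably miss logically equal entries, which for a revoke means the grant stays in place. I would add value-based `equals`/`hashCode` over the identifying fields, or document on each model that callers must compare by `getName()`.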
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
index 698a940..54fa556 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
@@ -17,12 +17,100 @@
*/
package org.apache.sqoop.security;
-import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+
+import java.util.List;
/***
* AuthorizationAccessController is responsible for managing access rule and principal.
*/
public abstract class AuthorizationAccessController {
- private static final Logger LOG = Logger.getLogger(AuthorizationAccessController.class);
+ /**
+ * Role related function
+ */
+ public abstract List<MRole> getAllRoles() throws SqoopException;
+
+ public abstract MRole getRole(String name) throws SqoopException;
+
+ public abstract List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException;
+
+ public abstract List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException;
+
+ public abstract void createRole(String name) throws SqoopException;
+
+ public abstract void updateRole(String old_name, String new_name) throws SqoopException;
+
+ public abstract void removeRole(String name) throws SqoopException;
+
+ /**
+ * Principal related function
+ */
+ public abstract List<MPrincipal> getAllPrincipals() throws SqoopException;
+
+ public abstract List<MPrincipal> getPrincipalsByName(String name) throws SqoopException;
+
+ public abstract List<MPrincipal> getPrincipalsByType(String type) throws SqoopException;
+
+ public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException;
+
+ public abstract List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException;
+
+ public abstract void createPrincipal(String name, String type) throws SqoopException;
+
+ public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException;
+
+ public abstract void removePrincipalsByName(String name) throws SqoopException;
+
+ public abstract void removePrincipalsByType(String type) throws SqoopException;
+
+ public abstract void removePrincipal(MPrincipal principal) throws SqoopException;
+
+ public abstract void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
+
+ public abstract void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
+
+ /**
+ * Resource related function
+ */
+ public abstract List<MResource> getAllResources() throws SqoopException;
+
+ public abstract List<MResource> getResourcesByType(String type) throws SqoopException;
+
+ public abstract MResource getResource(String name, String type) throws SqoopException;
+
+ public abstract void createResource(String name, String type) throws SqoopException;
+
+ public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException;
+
+ public abstract void removeResourcesByType(String type) throws SqoopException;
+
+ public abstract void removeResource(MResource resource) throws SqoopException;
+
+ /**
+ * Privilege related function
+ */
+ public abstract List<MPrivilege> getAllPrivileges() throws SqoopException;
+
+ public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException;
+
+ public abstract List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException;
+
+ public abstract List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException;
+
+ public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException;
+
+ public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException;
+
+ public abstract void removePrivilege(String name) throws SqoopException;
+
+ public abstract void removePrivilegesByResource(MResource resource) throws SqoopException;
+
+ public abstract void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
+
+ public abstract void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
}
\ No newline at end of file
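Review bot: `grantRole`, `grantPrivileges` and their revoke counterparts take only the target principals and the roles or privileges, not the principal performing the change. `createPrivilege` carries a `with_grant_option` flag, but with these signatures an implementation cannot check that the grantor actually holds the privilege with that option, so the check would have to live in every caller. If that is the intent, a Javadoc sentence on these methods such as `Callers must have authorized the acting principal before invoking this method.` would make it explicit. The identical declarations in AuthorizationHandler have the same gap.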
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
index 865c6dc..51fc2dc 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
@@ -18,31 +18,104 @@
package org.apache.sqoop.security;
import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+
+import java.util.List;
/***
* AuthorizationHandler is responsible for controlling role based access.
*/
public abstract class AuthorizationHandler {
- private static final Logger LOG = Logger.getLogger(AuthorizationHandler.class);
+ public abstract void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException;
+
+ /**
+ * Role related function
+ */
+ public abstract List<MRole> getAllRoles() throws SqoopException;
+
+ public abstract MRole getRole(String name) throws SqoopException;
+
+ public abstract List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException;
+
+ public abstract List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException;
+
+ public abstract void createRole(String name) throws SqoopException;
+
+ public abstract void updateRole(String old_name, String new_name) throws SqoopException;
+
+ public abstract void removeRole(String name) throws SqoopException;
+
+ /**
+ * Principal related function
+ */
+ public abstract List<MPrincipal> getAllPrincipals() throws SqoopException;
+
+ public abstract List<MPrincipal> getPrincipalsByName(String name) throws SqoopException;
+
+ public abstract List<MPrincipal> getPrincipalsByType(String type) throws SqoopException;
+
+ public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException;
+
+ public abstract List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException;
+
+ public abstract void createPrincipal(String name, String type) throws SqoopException;
+
+ public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException;
+
+ public abstract void removePrincipalsByName(String name) throws SqoopException;
+
+ public abstract void removePrincipalsByType(String type) throws SqoopException;
+
+ public abstract void removePrincipal(MPrincipal principal) throws SqoopException;
+
+ public abstract void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
+
+ public abstract void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException;
+
+ /**
+ * Resource related function
+ */
+ public abstract List<MResource> getAllResources() throws SqoopException;
+
+ public abstract List<MResource> getResourcesByType(String type) throws SqoopException;
+
+ public abstract MResource getResource(String name, String type) throws SqoopException;
+
+ public abstract void createResource(String name, String type) throws SqoopException;
+
+ public abstract void updateResource(MResource old_resource, MResource new_resource) throws SqoopException;
+
+ public abstract void removeResourcesByType(String type) throws SqoopException;
+
+ public abstract void removeResource(MResource resource) throws SqoopException;
+
+ /**
+ * Privilege related function
+ */
+ public abstract List<MPrivilege> getAllPrivileges() throws SqoopException;
+
+ public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException;
+
+ public abstract List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException;
+
+ public abstract List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException;
+
+ public abstract void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException;
- protected AuthorizationAccessController authorizationAccessController;
+ public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException;
- protected AuthorizationValidator authorizationValidator;
+ public abstract void removePrivilege(String name) throws SqoopException;
- public AuthorizationValidator getAuthorizationValidator() {
- return authorizationValidator;
- }
+ public abstract void removePrivilegesByResource(MResource resource) throws SqoopException;
- public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) {
- this.authorizationValidator = authorizationValidator;
- }
+ public abstract void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
- public AuthorizationAccessController getAuthorizationAccessController() {
- return authorizationAccessController;
- }
+ public abstract void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException;
- public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) {
- this.authorizationAccessController = authorizationAccessController;
- }
+ public abstract void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException;
}
\ No newline at end of file
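Review bot: `checkPrivileges` returns void, so the only way it can deny access is by throwing, and nothing in the declaration says so. An implementation that returns normally without checking, as a default stub plausibly would, then allows every request. I would document the contract on the method, e.g. `/** Throws SqoopException if principal lacks any of the given privileges; returning normally means access is granted. */`, here and on `AuthorizationValidator.checkPrivileges`, and state whether a null or empty privilege list is permitted.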
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
index 4d66bf7..cfa7a66 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
@@ -35,16 +35,6 @@ public class AuthorizationManager implements Reconfigurable {
public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler";
/**
- * Default authorization access controller
- */
- public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController";
-
- /**
- * Default authorization validator
- */
- public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator";
-
- /**
* Default authorization auto upgrade option value
*/
protected static boolean DEFAULT_AUTO_UPGRADE = false;
@@ -98,24 +88,12 @@ public class AuthorizationManager implements Reconfigurable {
public synchronized void initialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
LOG.trace("Begin authorization manager initialization");
- MapContext mapContext = SqoopConfiguration.getInstance().getContext();
- String handler = mapContext.getString(SecurityConstants.AUTHORIZATION_HANDLER,
- DEFAULT_AUTHORIZATION_HANDLER).trim();
+ String handler = SqoopConfiguration.getInstance().getContext().getString(
+ SecurityConstants.AUTHORIZATION_HANDLER,
+ DEFAULT_AUTHORIZATION_HANDLER).trim();
authorizationHandler = SecurityFactory.getAuthorizationHandler(handler);
-
- String accessController = mapContext.getString(
- SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
- DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim();
- AuthorizationAccessController authorizationAccessController =
- SecurityFactory.getAuthorizationAccessController(accessController);
- authorizationHandler.setAuthorizationAccessController(authorizationAccessController);
-
- String validator = mapContext.getString(SecurityConstants.AUTHORIZATION_VALIDATOR,
- DEFAULT_AUTHORIZATION_VALIDATOR).trim();
- AuthorizationValidator authorizationValidator =
- SecurityFactory.getAuthorizationValidator(validator);
- authorizationHandler.setAuthorizationValidator(authorizationValidator);
+ authorizationHandler.doInitialize();
LOG.info("Authorization loaded.");
}
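Review bot: The `authorizationHandler` field is assigned before `doInitialize()` runs, so if initialization throws, the manager is left holding a handler that was never set up. Whether anything can still reach it depends on how the caller treats the exception, which is outside this hunk. Assigning only after success avoids the question: `AuthorizationHandler h = SecurityFactory.getAuthorizationHandler(handler);` `h.doInitialize();` `authorizationHandler = h;`. Since the class name comes from configuration, logging it in the "Authorization loaded." message would also make it easier to audit which handler is active.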
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
index 7c41015..c6482fb 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
@@ -17,13 +17,17 @@
*/
package org.apache.sqoop.security;
-import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+
+import java.util.List;
/***
* AuthorizationHandler is responsible for checking access.
*/
public abstract class AuthorizationValidator {
- private static final Logger LOG = Logger.getLogger(AuthorizationValidator.class);
+ public abstract void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException;
}
\ No newline at end of file
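Review bot: The class comment still reads "AuthorizationHandler is responsible for checking access" although the class is AuthorizationValidator. Now that the class gains its first method, it would be worth correcting it to `AuthorizationValidator is responsible for checking access.`, so that readers looking for the component that enforces access are not pointed at the wrong class.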
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
index c8839f8..02f8f3b 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
@@ -18,9 +18,241 @@
package org.apache.sqoop.security.Authorization;
import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
import org.apache.sqoop.security.AuthorizationAccessController;
+import java.security.Principal;
+import java.util.List;
+
public class DefaultAuthorizationAccessController extends AuthorizationAccessController {
private static final Logger LOG = Logger.getLogger(DefaultAuthorizationAccessController.class);
+
+ /**
+ * Role related function
+ */
+ public List<MRole> getAllRoles() throws SqoopException {
+ LOG.debug("Get all roles in default authorization access controller: return null");
+ return null;
+ }
+
+ public MRole getRole(String name) throws SqoopException {
+ LOG.debug("Get role in default authorization access controller: return null");
+ LOG.debug("name: " + name);
+ return null;
+ }
+
+ public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException {
+ LOG.debug("Get roles by principal in default authorization access controller: return null");
+ LOG.debug("principal: " + principal.toString());
+ return null;
+ }
+
+ public List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException {
+ LOG.debug("Get roles by privilege in default authorization access controller: return null");
+ LOG.debug("privilege: " + privilege.toString());
+ return null;
+ }
+
+ public void createRole(String name) throws SqoopException {
+ LOG.debug("Create role in default authorization access controller: empty function");
+ LOG.debug("name: " + name);
+ }
+
+ public void updateRole(String old_name, String new_name) throws SqoopException {
+ LOG.debug("Update role in default authorization access controller: empty function");
+ LOG.debug("old name: " + old_name + ", new name: " + new_name);
+ }
+
+ public void removeRole(String name) throws SqoopException {
+ LOG.debug("Remove role in default authorization access controller: empty function");
+ LOG.debug("name: " + name);
+ }
+
+ /**
+ * Principal related function
+ */
+ public List<MPrincipal> getAllPrincipals() throws SqoopException {
+ LOG.debug("Get all principals in default authorization access controller: return null");
+ return null;
+ }
+
+ public List<MPrincipal> getPrincipalsByName(String name) throws SqoopException {
+ LOG.debug("Get principals by name in default authorization access controller: return null");
+ LOG.debug("name: " + name);
+ return null;
+ }
+
+ public List<MPrincipal> getPrincipalsByType(String type) throws SqoopException {
+ LOG.debug("Get principals by type in default authorization access controller: return null");
+ LOG.debug("type: " + type);
+ return null;
+ }
+
+ public MPrincipal getPrincipal(String name, String type) throws SqoopException {
+ LOG.debug("Get principal in default authorization access controller: return null");
+ LOG.debug("name: " + name + ", type: " + type);
+ return null;
+ }
+
+ public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException {
+ LOG.debug("Get principals by role in default authorization access controller: return null");
+ LOG.debug("role: " + role.toString());
+ return null;
+ }
+
+ public void createPrincipal(String name, String type) throws SqoopException {
+ LOG.debug("Create principal in default authorization access controller: empty function");
+ LOG.debug("name: " + name + ", type: " + type);
+ }
+
+ public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException {
+ LOG.debug("Update principal in default authorization access controller: empty function");
+ LOG.debug("old principal: " + old_principal + ", new principal: " + new_principal);
+ }
+
+ public void removePrincipalsByName(String name) throws SqoopException {
+ LOG.debug("Remove principals by name in default authorization access controller: empty function");
+ LOG.debug("name: " + name);
+ }
+
+ public void removePrincipalsByType(String type) throws SqoopException {
+ LOG.debug("Remove principals by type in default authorization access controller: empty function");
+ LOG.debug("type: " + type);
+ }
+
+ public void removePrincipal(MPrincipal principal) throws SqoopException {
+ LOG.debug("Remove principal in default authorization access controller: empty function");
+ LOG.debug("principal: " + principal.toString());
+ }
+
+ public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
+ LOG.debug("Grant role in default authorization access controller: empty function");
+ for (MPrincipal principal : principals) {
+ LOG.debug("principal: " + principal.toString());
+ }
+ for (MRole role : roles) {
+ LOG.debug("role: " + role.toString());
+ }
+ }
+
+ public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
+ LOG.debug("Revoke role in default authorization access controller: empty function");
+ for (MPrincipal principal : principals) {
+ LOG.debug("principal: " + principal.toString());
+ }
+ for (MRole role : roles) {
+ LOG.debug("role: " + role.toString());
+ }
+ }
+
+ /**
+ * Resource related function
+ */
+ public List<MResource> getAllResources() throws SqoopException {
+ LOG.debug("Get all resources in default authorization access controller: return null");
+ return null;
+ }
+
+ public List<MResource> getResourcesByType(String type) throws SqoopException {
+ LOG.debug("Get resources by type in default authorization access controller: return null");
+ LOG.debug("type: " + type);
+ return null;
+ }
+
+ public MResource getResource(String name, String type) throws SqoopException {
+ LOG.debug("Get resource in default authorization access controller: return null");
+ LOG.debug("name: " + name + ", type: " + type);
+ return null;
+ }
+
+ public void createResource(String name, String type) throws SqoopException {
+ LOG.debug("Create resource in default authorization access controller: empty function");
+ LOG.debug("name: " + name + ", type: " + type);
+ }
+
+ public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException {
+ LOG.debug("Update resource in default authorization access controller: empty function");
+ LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource);
+ }
+
+ public void removeResourcesByType(String type) throws SqoopException {
+ LOG.debug("Remove resource by type in default authorization access controller: empty function");
+ LOG.debug("type: " + type);
+ }
+
+ public void removeResource(MResource resource) throws SqoopException {
+ LOG.debug("Remove resource in default authorization access controller: empty function");
+ LOG.debug("resource: " + resource.toString());
+ }
+
+ /**
+ * Privilege related function
+ */
+ public List<MPrivilege> getAllPrivileges() throws SqoopException {
+ LOG.debug("Get all privileges in default authorization access controller: return null");
+ return null;
+ }
+
+ public MPrivilege getPrivilegeByName(String name) throws SqoopException {
+ LOG.debug("Get privileges by name in default authorization access controller: return null");
+ LOG.debug("name: " + name);
+ return null;
+ }
+
+ public List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException {
+ LOG.debug("Get privileges by resource in default authorization access controller: return null");
+ LOG.debug("resource: " + resource.toString());
+ return null;
+ }
+
+ public List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException {
+ LOG.debug("Get privileges by role in default authorization access controller: return null");
+ LOG.debug("role: " + role.toString());
+ return null;
+ }
+
+ public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException {
+ LOG.debug("Create privilege in default authorization access controller: empty function");
+ LOG.debug("name: " + name + ", resource: " + resource.toString() + ", action: " + action + ", with grant option: " + with_grant_option);
+ }
+
+ public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException {
+ LOG.debug("Update privilege in default authorization access controller: empty function");
+ LOG.debug("old_privilege: " + old_privilege + ", new_privilege: " + new_privilege);
+ }
+
+ public void removePrivilege(String name) throws SqoopException {
+ LOG.debug("Remove privilege in default authorization access controller: empty function");
+ LOG.debug("name: " + name);
+ }
+
+ public void removePrivilegesByResource(MResource resource) throws SqoopException {
+ LOG.debug("Remove privileges by resource in default authorization access controller: empty function");
+ LOG.debug("resource: " + resource.toString());
+ }
+
+ public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
+ LOG.debug("Grant privileges in default authorization access controller: empty function");
+ for (MPrincipal principal : principals) {
+ LOG.debug("principal: " + principal.toString());
+ }
+ for (MPrivilege privilege : privileges) {
+ LOG.debug("privilege: " + privilege.toString());
+ }
+ }
+
+ public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
+ LOG.debug("Revoke privileges in default authorization access controller: empty function");
+ for (MPrincipal principal : principals) {
+ LOG.debug("principal: " + principal.toString());
+ }
+ for (MPrivilege privilege : privileges) {
+ LOG.debug("privilege: " + privilege.toString());
+ }
+ }
}
\ No newline at end of file
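Review bot: Every `List`-returning getter in this default controller (`getAllRoles`, `getRolesByPrincipal`, `getAllPrincipals`, `getPrivilegesByRole` and the others) returns `null`, so a caller that iterates the result fails with a NullPointerException unless each call site null-checks; `return Collections.emptyList();` with `import java.util.Collections;` keeps the no-op behaviour without that trap. The debug lines are also inconsistent about null arguments: `principal.toString()`, `role.toString()` and `resource.toString()` throw on null, while concatenations such as `"old principal: " + old_principal` do not, so dropping the explicit `.toString()` makes the stubs uniformly null-tolerant. The grant and revoke methods return normally without recording anything, which deserves a class Javadoc so that nobody reads a successful `revokeRole` or `revokePrivileges` call as evidence that access was removed. `import java.security.Principal;` is unused.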
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
index a176b4d..9cd2e33 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
@@ -18,9 +18,221 @@
package org.apache.sqoop.security.Authorization;
import org.apache.log4j.Logger;
-import org.apache.sqoop.security.AuthorizationHandler;
+import org.apache.sqoop.common.MapContext;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.core.SqoopConfiguration;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+import org.apache.sqoop.security.*;
+
+import java.util.List;
public class DefaultAuthorizationHandler extends AuthorizationHandler {
+ /**
+ * Default authorization access controller
+ */
+ public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController";
+
+ /**
+ * Default authorization validator
+ */
+ public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator";
+
private static final Logger LOG = Logger.getLogger(DefaultAuthorizationHandler.class);
+
+ protected AuthorizationAccessController authorizationAccessController;
+
+ protected AuthorizationValidator authorizationValidator;
+
+ public AuthorizationValidator getAuthorizationValidator() {
+ return authorizationValidator;
+ }
+
+ public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) {
+ this.authorizationValidator = authorizationValidator;
+ }
+
+ public AuthorizationAccessController getAuthorizationAccessController() {
+ return authorizationAccessController;
+ }
+
+ public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController) {
+ this.authorizationAccessController = authorizationAccessController;
+ }
+
+ public void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+ MapContext mapContext = SqoopConfiguration.getInstance().getContext();
+ String accessController = mapContext.getString(
+ SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
+ DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim();
+ this.authorizationAccessController = SecurityFactory.getAuthorizationAccessController(accessController);
+
+ String validator = mapContext.getString(
+ SecurityConstants.AUTHORIZATION_VALIDATOR,
+ DEFAULT_AUTHORIZATION_VALIDATOR).trim();
+ this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator);
+ }
+
+ /**
+ * Role related function
+ */
+ public List<MRole> getAllRoles() throws SqoopException {
+ return this.authorizationAccessController.getAllRoles();
+ }
+
+ public MRole getRole(String name) throws SqoopException {
+ return this.authorizationAccessController.getRole(name);
+ }
+
+ public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException {
+ return this.authorizationAccessController.getRolesByPrincipal(principal);
+ }
+
+ public List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException {
+ return this.authorizationAccessController.getRolesByPrivilege(privilege);
+ }
+
+ public void createRole(String name) throws SqoopException {
+ this.authorizationAccessController.createRole(name);
+ }
+
+ public void updateRole(String old_name, String new_name) throws SqoopException {
+ this.authorizationAccessController.updateRole(old_name, new_name);
+ }
+
+ public void removeRole(String name) throws SqoopException {
+ this.authorizationAccessController.removeRole(name);
+ }
+
+ /**
+ * Principal related function
+ */
+ public List<MPrincipal> getAllPrincipals() throws SqoopException {
+ return this.authorizationAccessController.getAllPrincipals();
+ }
+
+ public List<MPrincipal> getPrincipalsByName(String name) throws SqoopException {
+ return this.authorizationAccessController.getPrincipalsByName(name);
+ }
+
+ public List<MPrincipal> getPrincipalsByType(String type) throws SqoopException {
+ return this.authorizationAccessController.getPrincipalsByType(type);
+ }
+
+ public MPrincipal getPrincipal(String name, String type) throws SqoopException {
+ return this.authorizationAccessController.getPrincipal(name, type);
+ }
+
+ public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException {
+ return this.authorizationAccessController.getPrincipalsByRole(role);
+ }
+
+ public void createPrincipal(String name, String type) throws SqoopException {
+ this.authorizationAccessController.createPrincipal(name, type);
+ }
+
+ public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws SqoopException {
+ this.authorizationAccessController.updatePrincipal(old_principal, new_principal);
+ }
+
+ public void removePrincipalsByName(String name) throws SqoopException {
+ this.authorizationAccessController.removePrincipalsByName(name);
+ }
+
+ public void removePrincipalsByType(String type) throws SqoopException {
+ this.authorizationAccessController.removePrincipalsByType(type);
+ }
+
+ public void removePrincipal(MPrincipal principal) throws SqoopException {
+ this.authorizationAccessController.removePrincipal(principal);
+ }
+
+ public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
+ this.authorizationAccessController.grantRole(principals, roles);
+ }
+
+ public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws SqoopException {
+ this.authorizationAccessController.revokeRole(principals, roles);
+ }
+
+ /**
+ * Resource related function
+ */
+ public List<MResource> getAllResources() throws SqoopException {
+ return this.authorizationAccessController.getAllResources();
+ }
+
+ public List<MResource> getResourcesByType(String type) throws SqoopException {
+ return this.authorizationAccessController.getResourcesByType(type);
+ }
+
+ public MResource getResource(String name, String type) throws SqoopException {
+ return this.authorizationAccessController.getResource(name, type);
+ }
+
+ public void createResource(String name, String type) throws SqoopException {
+ this.authorizationAccessController.createResource(name, type);
+ }
+
+ public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException {
+ this.authorizationAccessController.updateResource(old_resource, new_resource);
+ }
+
+ public void removeResourcesByType(String type) throws SqoopException {
+ this.authorizationAccessController.removeResourcesByType(type);
+ }
+
+ public void removeResource(MResource resource) throws SqoopException {
+ this.authorizationAccessController.removeResource(resource);
+ }
+
+ /**
+ * Privilege related function
+ */
+ public List<MPrivilege> getAllPrivileges() throws SqoopException {
+ return this.authorizationAccessController.getAllPrivileges();
+ }
+
+ public MPrivilege getPrivilegeByName(String name) throws SqoopException {
+ return this.authorizationAccessController.getPrivilegeByName(name);
+ }
+
+ public List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException {
+ return this.authorizationAccessController.getPrivilegesByResource(resource);
+ }
+
+ public List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException {
+ return this.authorizationAccessController.getPrivilegesByRole(role);
+ }
+
+ public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option) throws SqoopException {
+ this.authorizationAccessController.createPrivilege(name, resource, action, with_grant_option);
+ }
+
+ public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws SqoopException {
+ this.authorizationAccessController.updatePrivilege(old_privilege, new_privilege);
+ }
+
+ public void removePrivilege(String name) throws SqoopException {
+ this.authorizationAccessController.removePrivilege(name);
+ }
+
+ public void removePrivilegesByResource(MResource resource) throws SqoopException {
+ this.authorizationAccessController.removePrivilegesByResource(resource);
+ }
+
+ public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
+ this.authorizationAccessController.grantPrivileges(principals, privileges);
+ }
+
+ public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege> privileges) throws SqoopException {
+ this.authorizationAccessController.revokePrivileges(principals, privileges);
+ }
+
+ public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
+ this.authorizationValidator.checkPrivileges(principal, privileges);
+ }
}
\ No newline at end of file
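Review bot: `authorizationValidator` and `authorizationAccessController` are non-final `protected` fields that stay null until `doInitialize()` runs and can be replaced at any time through the public setters, so `checkPrivileges` and every delegate fail with a NullPointerException rather than a `SqoopException` when initialization was skipped, and `setAuthorizationValidator(null)` is accepted silently. I would reject null in both setters, e.g. `if (authorizationValidator == null) { throw new IllegalArgumentException("authorizationValidator must not be null"); }`, and narrow the setters' visibility if nothing outside tests needs to swap the validator after startup (not visible from this hunk). `doInitialize()` passes the configured class names to `SecurityFactory` as read; whether the factory verifies that the loaded class extends `AuthorizationValidator` or `AuthorizationAccessController` is not shown here and is worth confirming. The wildcard `import org.apache.sqoop.security.*;` could be spelled out as the classes actually used.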
http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
index 0842c81..bbde281 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
@@ -18,9 +18,22 @@
package org.apache.sqoop.security.Authorization;
import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
import org.apache.sqoop.security.AuthorizationValidator;
+import java.util.List;
+
public class DefaultAuthorizationValidator extends AuthorizationValidator {
private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class);
+
+ public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws SqoopException {
+ LOG.debug("Check privilege in default authorization validator: always valid");
+ LOG.debug("principal: " + principal.toString());
+ for (MPrivilege privilege : privileges) {
+ LOG.debug("privilege: " + privilege.toString());
+ }
+ }
}
\ No newline at end of file
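Review bot: `checkPrivileges` in this default validator never throws, so a server that leaves `SecurityConstants.AUTHORIZATION_VALIDATOR` unset (the key `DefaultAuthorizationHandler.doInitialize()` reads, with this class as the fallback) runs with no authorization enforcement, and the only trace is a debug-level message. I would put that on the class in a Javadoc such as `Permissive default: performs no checks and never denies; configure a real validator to enforce authorization`, and emit a one-time `LOG.warn` when the class is instantiated so the fail-open state shows up at normal log levels. The method is also not quite "always valid": `principal.toString()` and the loop over `privileges` throw a NullPointerException on null arguments, so `LOG.debug("principal: " + principal);` plus a null check on the list (or an `if (LOG.isDebugEnabled())` guard around the whole body) would make the behaviour match the message.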