You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by nc...@apache.org on 2016/12/22 17:08:19 UTC
[15/26] ambari git commit: AMBARI-19235. 'Cluster User' role issue
after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)
AMBARI-19235. 'Cluster User' role issue after Ambari 2.4.2.0 upgrade (echekanskiy via dlysnichenko)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c08df0ef
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c08df0ef
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c08df0ef
Branch: refs/heads/branch-dev-patch-upgrade
Commit: c08df0ef4aa67acba21c057e0b0ffd4cb6f0fde7
Parents: 7990368
Author: Lisnichenko Dmitro <dl...@hortonworks.com>
Authored: Wed Dec 21 17:48:39 2016 +0200
Committer: Lisnichenko Dmitro <dl...@hortonworks.com>
Committed: Wed Dec 21 17:49:40 2016 +0200
----------------------------------------------------------------------
.../AmbariLdapAuthoritiesPopulator.java | 21 ++-----
...ariAuthorizationProviderDisableUserTest.java | 2 +-
.../TestAmbariLdapAuthoritiesPopulator.java | 63 ++------------------
3 files changed, 12 insertions(+), 74 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
index b3be046..92037fc 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariLdapAuthoritiesPopulator.java
@@ -19,14 +19,10 @@ package org.apache.ambari.server.security.authorization;
import java.util.Collection;
import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.MemberEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
import org.slf4j.Logger;
@@ -47,14 +43,17 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
UserDAO userDAO;
MemberDAO memberDAO;
PrivilegeDAO privilegeDAO;
+ Users users;
@Inject
public AmbariLdapAuthoritiesPopulator(AuthorizationHelper authorizationHelper,
- UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO) {
+ UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO,
+ Users users) {
this.authorizationHelper = authorizationHelper;
this.userDAO = userDAO;
this.memberDAO = memberDAO;
this.privilegeDAO = privilegeDAO;
+ this.users = users;
}
@Override
@@ -74,18 +73,8 @@ public class AmbariLdapAuthoritiesPopulator implements LdapAuthoritiesPopulator
if(!user.getActive()){
throw new InvalidUsernamePasswordCombinationException();
}
- // get all of the privileges for the user
- List<PrincipalEntity> principalEntities = new LinkedList<PrincipalEntity>();
- principalEntities.add(user.getPrincipal());
-
- List<MemberEntity> memberEntities = memberDAO.findAllMembersByUser(user);
-
- for (MemberEntity memberEntity : memberEntities) {
- principalEntities.add(memberEntity.getGroup().getPrincipal());
- }
-
- List<PrivilegeEntity> privilegeEntities = privilegeDAO.findAllByPrincipal(principalEntities);
+ Collection<PrivilegeEntity> privilegeEntities = users.getUserPrivileges(user);
return authorizationHelper.convertPrivilegesToAuthorities(privilegeEntities);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
index 90d4be0..6b98a5b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationProviderDisableUserTest.java
@@ -58,7 +58,7 @@ public class AmbariAuthorizationProviderDisableUserTest {
alup = new AmbariLocalUserProvider(userDAO, users, encoder);
- ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao, privilegeDao);
+ ldapPopulator = new AmbariLdapAuthoritiesPopulator(authorizationHelper, userDAO, memberDao, privilegeDao, users);
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c08df0ef/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
index 5715906..cf6cd32 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
@@ -20,18 +20,12 @@ package org.apache.ambari.server.security.authorization;
import static org.easymock.EasyMock.expect;
import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
import org.apache.ambari.server.orm.dao.MemberDAO;
import org.apache.ambari.server.orm.dao.PrivilegeDAO;
import org.apache.ambari.server.orm.dao.UserDAO;
-import org.apache.ambari.server.orm.entities.GroupEntity;
-import org.apache.ambari.server.orm.entities.MemberEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
import org.apache.ambari.server.orm.entities.PrivilegeEntity;
import org.apache.ambari.server.orm.entities.UserEntity;
-import org.easymock.EasyMock;
import org.easymock.EasyMockSupport;
import org.junit.Before;
import org.junit.Test;
@@ -47,14 +41,11 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
AuthorizationHelper helper = new AuthorizationHelper();
UserDAO userDAO = createMock(UserDAO.class);
+ Users users = createMock(Users.class);
MemberDAO memberDAO = createMock(MemberDAO.class);
PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
DirContextOperations userData = createMock(DirContextOperations.class);
UserEntity userEntity = createMock(UserEntity.class);
- PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
- PrincipalEntity groupPrincipalEntity = createMock(PrincipalEntity.class);
- MemberEntity memberEntity = createMock(MemberEntity.class);
- GroupEntity groupEntity = createMock(GroupEntity.class);
PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
@Before
@@ -64,21 +55,14 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
}
@Test
- public void testGetGrantedAuthorities_mappingDisabled() throws Exception {
+ public void testGetGrantedAuthorities() throws Exception {
String username = "user";
AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
+ .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock();
- expect(userEntity.getPrincipal()).andReturn(principalEntity);
expect(userEntity.getActive()).andReturn(true);
- expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
- expect(memberEntity.getGroup()).andReturn(groupEntity);
- expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
- List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
- principalEntityList.add(principalEntity);
- principalEntityList.add(groupPrincipalEntity);
- expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
+ expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity));
expect(userDAO.findLdapUserByName(username)).andReturn(userEntity);
replayAll();
@@ -90,34 +74,6 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
}
@Test
- public void testGetGrantedAuthorities_mappingEnabled() throws Exception {
-
- AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
-
- expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
- expect(userEntity.getActive()).andReturn(true);
- expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).anyTimes();
- expect(memberEntity.getGroup()).andReturn(groupEntity).anyTimes();
- expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity).anyTimes();
- List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
- principalEntityList.add(principalEntity);
- principalEntityList.add(groupPrincipalEntity);
- expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes();
-
- expect(userDAO.findLdapUserByName(EasyMock.<String> anyObject())).andReturn(null).andReturn(userEntity).once();
-
- replayAll();
-
- //test with admin user
- populator.getGrantedAuthorities(userData, "admin");
- //test with non-admin
- populator.getGrantedAuthorities(userData, "user");
-
- verifyAll();
- }
-
- @Test
public void testGetGrantedAuthoritiesWithLoginAlias() throws Exception {
// Given
String loginAlias = "testLoginAlias@testdomain.com";
@@ -129,17 +85,10 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
PowerMock.replay(AuthorizationHelper.class);
AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
- .withConstructor(helper, userDAO, memberDAO, privilegeDAO).createMock();
+ .withConstructor(helper, userDAO, memberDAO, privilegeDAO, users).createMock();
- expect(userEntity.getPrincipal()).andReturn(principalEntity);
expect(userEntity.getActive()).andReturn(true);
- expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
- expect(memberEntity.getGroup()).andReturn(groupEntity);
- expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
- List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
- principalEntityList.add(principalEntity);
- principalEntityList.add(groupPrincipalEntity);
- expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
+ expect(users.getUserPrivileges(userEntity)).andReturn(Collections.singletonList(privilegeEntity));
expect(userDAO.findLdapUserByName(ambariUserName)).andReturn(userEntity); // user should be looked up by user name instead of login alias