Posted to notifications@shardingsphere.apache.org by pa...@apache.org on 2021/03/11 07:00:12 UTC
[shardingsphere] branch master updated: load Privilege when proxy
start (#9627)
This is an automated email from the ASF dual-hosted git repository.
panjuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git
The following commit(s) were added to refs/heads/master by this push:
new 7012145 load Privilege when proxy start (#9627)
7012145 is described below
commit 7012145a2a0d3eac2a81c50aa1870116cc0df6b7
Author: JingShang Lu <lu...@apache.org>
AuthorDate: Thu Mar 11 14:59:54 2021 +0800
load Privilege when proxy start (#9627)
* load Privilege when proxy start
* fix
* fix
---
.../auth/builder/loader/PrivilegeLoader.java | 4 +-
.../loader/dialect/MySQLPrivilegeLoader.java | 318 ++++++++++++++++++++-
.../builtin/yaml/swapper/UserRuleYamlSwapper.java | 3 +-
.../model/privilege/AdministrationPrivilege.java | 8 +-
.../auth/model/privilege/PrivilegeType.java | 33 ++-
.../auth/model/privilege/data/DataPrivilege.java | 8 +-
.../auth/model/privilege/data/SchemaPrivilege.java | 14 +-
.../auth/model/privilege/data/TablePrivilege.java | 6 +-
.../infra/metadata/auth/model/user/Grantee.java | 5 +-
.../type/CreateUserStatementAuthRefresher.java | 2 +-
.../context/metadata/MetaDataContextsBuilder.java | 2 +-
.../mysql/auth/MySQLAuthenticationHandlerTest.java | 3 +-
.../auth/PostgreSQLAuthenticationHandler.java | 3 +-
13 files changed, 385 insertions(+), 24 deletions(-)
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/PrivilegeLoader.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/PrivilegeLoader.java
index a0d8cdc..c233bf2 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/PrivilegeLoader.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/PrivilegeLoader.java
@@ -22,6 +22,7 @@ import org.apache.shardingsphere.infra.metadata.auth.model.privilege.ShardingSph
import org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import javax.sql.DataSource;
+import java.sql.SQLException;
import java.util.Optional;
/**
@@ -42,6 +43,7 @@ public interface PrivilegeLoader {
* @param user user
* @param dataSource data source
* @return sharding sphere privilege
+ * @throws SQLException sql exception
*/
- Optional<ShardingSpherePrivilege> load(ShardingSphereUser user, DataSource dataSource);
+ Optional<ShardingSpherePrivilege> load(ShardingSphereUser user, DataSource dataSource) throws SQLException;
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/dialect/MySQLPrivilegeLoader.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/dialect/MySQLPrivilegeLoader.java
index 2868be4..62384b6 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/dialect/MySQLPrivilegeLoader.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builder/loader/dialect/MySQLPrivilegeLoader.java
@@ -20,10 +20,17 @@ package org.apache.shardingsphere.infra.metadata.auth.builder.loader.dialect;
import org.apache.shardingsphere.infra.database.type.DatabaseType;
import org.apache.shardingsphere.infra.database.type.dialect.MySQLDatabaseType;
import org.apache.shardingsphere.infra.metadata.auth.builder.loader.PrivilegeLoader;
+import org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import org.apache.shardingsphere.infra.metadata.auth.model.privilege.ShardingSpherePrivilege;
+import org.apache.shardingsphere.infra.metadata.auth.model.privilege.data.SchemaPrivilege;
+import org.apache.shardingsphere.infra.metadata.auth.model.privilege.data.TablePrivilege;
import org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import javax.sql.DataSource;
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
import java.util.Optional;
/**
@@ -37,7 +44,314 @@ public final class MySQLPrivilegeLoader implements PrivilegeLoader {
}
@Override
- public Optional<ShardingSpherePrivilege> load(final ShardingSphereUser user, final DataSource dataSource) {
- return Optional.empty();
+ public Optional<ShardingSpherePrivilege> load(final ShardingSphereUser user, final DataSource dataSource) throws SQLException {
+ ShardingSpherePrivilege result = new ShardingSpherePrivilege();
+ fillGlobalPrivilege(result, dataSource, user);
+ fillSchemaPrivilege(result, dataSource, user);
+ fillTablePrivilege(result, dataSource, user);
+ return Optional.of(result);
+ }
+
+ private void fillGlobalPrivilege(final ShardingSpherePrivilege privilege, final DataSource dataSource, final ShardingSphereUser user) throws SQLException {
+ Connection connection = dataSource.getConnection();
+ connection.setAutoCommit(true);
+ PreparedStatement statement = connection.prepareStatement("select * from mysql.user where user=? and host=?");
+ statement.setString(1, user.getGrantee().getUsername());
+ statement.setString(2, user.getGrantee().getHostname());
+ ResultSet resultSet = statement.executeQuery();
+ if (resultSet.first()) {
+ Boolean selectPriv = resultSet.getBoolean("Select_priv");
+ if (selectPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.SELECT);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.SELECT);
+ }
+ Boolean insertPriv = resultSet.getBoolean("Insert_priv");
+ if (insertPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.INSERT);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.INSERT);
+ }
+ Boolean updatePriv = resultSet.getBoolean("Update_priv");
+ if (updatePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.UPDATE);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.UPDATE);
+ }
+ Boolean deletePriv = resultSet.getBoolean("Delete_priv");
+ if (deletePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.DELETE);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.DELETE);
+ }
+ Boolean createPriv = resultSet.getBoolean("Create_priv");
+ if (createPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.CREATE);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.CREATE);
+ }
+ Boolean dropPriv = resultSet.getBoolean("Drop_priv");
+ if (dropPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.DROP);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.DROP);
+ }
+ Boolean reloadPriv = resultSet.getBoolean("Reload_priv");
+ if (reloadPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.RELOAD);
+ }
+ Boolean shutdownPriv = resultSet.getBoolean("Shutdown_priv");
+ if (shutdownPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.SHUTDOWN);
+ }
+ Boolean processPriv = resultSet.getBoolean("Process_priv");
+ if (processPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.PROCESS);
+ }
+ Boolean filePriv = resultSet.getBoolean("File_priv");
+ if (filePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.FILE);
+ }
+ Boolean grantPriv = resultSet.getBoolean("Grant_priv");
+ if (grantPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.GRANT);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.GRANT);
+ }
+ Boolean referencesPriv = resultSet.getBoolean("References_priv");
+ if (referencesPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.REFERENCES);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.REFERENCES);
+ }
+ Boolean indexPriv = resultSet.getBoolean("Index_priv");
+ if (indexPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.INDEX);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.INDEX);
+ }
+ Boolean alterPriv = resultSet.getBoolean("Alter_priv");
+ if (alterPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.ALTER);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.ALTER);
+ }
+ Boolean showDbPriv = resultSet.getBoolean("Show_db_priv");
+ if (showDbPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.SHOW_DB);
+ }
+ Boolean superPriv = resultSet.getBoolean("Super_priv");
+ if (superPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.SUPER);
+ }
+ Boolean createTmpTablePriv = resultSet.getBoolean("Create_tmp_table_priv");
+ if (createTmpTablePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.CREATE_TMP);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.CREATE_TMP);
+ }
+ Boolean lockTablesPriv = resultSet.getBoolean("Lock_tables_priv");
+ if (lockTablesPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.LOCK_TABLES);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.LOCK_TABLES);
+ }
+ Boolean executePriv = resultSet.getBoolean("Execute_priv");
+ if (executePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.EXECUTE);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.EXECUTE);
+ }
+ Boolean replSlavePriv = resultSet.getBoolean("Repl_slave_priv");
+ if (replSlavePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.REPL_SLAVE);
+ }
+ Boolean replClientPriv = resultSet.getBoolean("Repl_client_priv");
+ if (replClientPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.REPL_CLIENT);
+ }
+ Boolean createViewPriv = resultSet.getBoolean("Create_view_priv");
+ if (createViewPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.CREATE_VIEW);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.CREATE_VIEW);
+ }
+ Boolean showViewPriv = resultSet.getBoolean("Show_view_priv");
+ if (showViewPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.SHOW_VIEW);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.SHOW_VIEW);
+ }
+ Boolean createRoutinePriv = resultSet.getBoolean("Create_routine_priv");
+ if (createRoutinePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.CREATE_PROC);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.CREATE_PROC);
+ }
+ Boolean alterRoutinePriv = resultSet.getBoolean("Alter_routine_priv");
+ if (alterRoutinePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.ALTER_PROC);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.ALTER_PROC);
+ }
+ Boolean createUserPriv = resultSet.getBoolean("Create_user_priv");
+ if (createUserPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.CREATE_USER);
+ }
+ Boolean eventPriv = resultSet.getBoolean("Event_priv");
+ if (eventPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.EVENT);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.EVENT);
+ }
+ Boolean triggerPriv = resultSet.getBoolean("Trigger_priv");
+ if (triggerPriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.TRIGGER);
+ privilege.getDataPrivilege().getGlobalPrivileges().add(PrivilegeType.TRIGGER);
+ }
+ Boolean createTablespacePriv = resultSet.getBoolean("Create_tablespace_priv");
+ if (createTablespacePriv) {
+ privilege.getAdministrationPrivilege().getPrivileges().add(PrivilegeType.CREATE_TABLESPACE);
+ }
+ }
+ }
+
+ private void fillSchemaPrivilege(final ShardingSpherePrivilege privilege, final DataSource dataSource, final ShardingSphereUser user) throws SQLException {
+ Connection connection = dataSource.getConnection();
+ connection.setAutoCommit(true);
+ PreparedStatement statement = connection.prepareStatement("select * from mysql.db where user=? and host=?");
+ statement.setString(1, user.getGrantee().getUsername());
+ statement.setString(2, user.getGrantee().getHostname());
+ ResultSet resultSet = statement.executeQuery();
+ while (resultSet.first()) {
+ String schema = resultSet.getString("Db");
+ SchemaPrivilege schemaPrivilege = new SchemaPrivilege(schema);
+ Boolean selectPriv = resultSet.getBoolean("Select_priv");
+ if (selectPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.SELECT);
+ }
+ Boolean insertPriv = resultSet.getBoolean("Insert_priv");
+ if (insertPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.INSERT);
+ }
+ Boolean updatePriv = resultSet.getBoolean("Update_priv");
+ if (updatePriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.UPDATE);
+ }
+ Boolean deletePriv = resultSet.getBoolean("Delete_priv");
+ if (deletePriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.DELETE);
+ }
+ Boolean createPriv = resultSet.getBoolean("Create_priv");
+ if (createPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.CREATE);
+ }
+ Boolean dropPriv = resultSet.getBoolean("Drop_priv");
+ if (dropPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.DROP);
+ }
+ Boolean grantPriv = resultSet.getBoolean("Grant_priv");
+ if (grantPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.GRANT);
+ }
+ Boolean referencesPriv = resultSet.getBoolean("References_priv");
+ if (referencesPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.REFERENCES);
+ }
+ Boolean indexPriv = resultSet.getBoolean("Index_priv");
+ if (indexPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.INDEX);
+ }
+ Boolean alterPriv = resultSet.getBoolean("Alter_priv");
+ if (alterPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.ALTER);
+ }
+ Boolean createTmpTablePriv = resultSet.getBoolean("Create_tmp_table_priv");
+ if (createTmpTablePriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.CREATE_TMP);
+ }
+ Boolean lockTablesPriv = resultSet.getBoolean("Lock_tables_priv");
+ if (lockTablesPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.LOCK_TABLES);
+ }
+ Boolean executePriv = resultSet.getBoolean("Execute_priv");
+ if (executePriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.EXECUTE);
+ }
+ Boolean createViewPriv = resultSet.getBoolean("Create_view_priv");
+ if (createViewPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.CREATE_VIEW);
+ }
+ Boolean showViewPriv = resultSet.getBoolean("Show_view_priv");
+ if (showViewPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.SHOW_VIEW);
+ }
+ Boolean createRoutinePriv = resultSet.getBoolean("Create_routine_priv");
+ if (createRoutinePriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.CREATE_PROC);
+ }
+ Boolean alterRoutinePriv = resultSet.getBoolean("Alter_routine_priv");
+ if (alterRoutinePriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.ALTER_PROC);
+ }
+ Boolean eventPriv = resultSet.getBoolean("Event_priv");
+ if (eventPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.EVENT);
+ }
+ Boolean triggerPriv = resultSet.getBoolean("Trigger_priv");
+ if (triggerPriv) {
+ schemaPrivilege.getGlobalPrivileges().add(PrivilegeType.TRIGGER);
+ }
+ privilege.getDataPrivilege().getSpecificPrivileges().put(schema, schemaPrivilege);
+ }
+ }
+
+ private void fillTablePrivilege(final ShardingSpherePrivilege privilege, final DataSource dataSource, final ShardingSphereUser user) throws SQLException {
+ Connection connection = dataSource.getConnection();
+ connection.setAutoCommit(true);
+ PreparedStatement statement = connection.prepareStatement("select * from mysql.tables_priv where user=? and host=?");
+ statement.setString(1, user.getGrantee().getUsername());
+ statement.setString(2, user.getGrantee().getHostname());
+ ResultSet resultSet = statement.executeQuery();
+ while (resultSet.next()) {
+ String schema = resultSet.getString("Db");
+ String tableName = resultSet.getString("Table_name");
+ TablePrivilege tablePrivilege = new TablePrivilege(tableName);
+ String[] privs = (String[]) resultSet.getArray("Table_priv").getArray();
+ for (String each : privs) {
+ switch (each) {
+ case "Select":
+ tablePrivilege.getPrivileges().add(PrivilegeType.SELECT);
+ break;
+ case "Insert":
+ tablePrivilege.getPrivileges().add(PrivilegeType.INSERT);
+ break;
+ case "Update":
+ tablePrivilege.getPrivileges().add(PrivilegeType.UPDATE);
+ break;
+ case "Delete":
+ tablePrivilege.getPrivileges().add(PrivilegeType.DELETE);
+ break;
+ case "Create":
+ tablePrivilege.getPrivileges().add(PrivilegeType.CREATE);
+ break;
+ case "Drop":
+ tablePrivilege.getPrivileges().add(PrivilegeType.DROP);
+ break;
+ case "Grant":
+ tablePrivilege.getPrivileges().add(PrivilegeType.GRANT);
+ break;
+ case "References":
+ tablePrivilege.getPrivileges().add(PrivilegeType.REFERENCES);
+ break;
+ case "Index":
+ tablePrivilege.getPrivileges().add(PrivilegeType.INDEX);
+ break;
+ case "Alter":
+ tablePrivilege.getPrivileges().add(PrivilegeType.ALTER);
+ break;
+ case "Create View":
+ tablePrivilege.getPrivileges().add(PrivilegeType.CREATE_VIEW);
+ break;
+ case "Show view":
+ tablePrivilege.getPrivileges().add(PrivilegeType.SHOW_VIEW);
+ break;
+ case "Trigger":
+ tablePrivilege.getPrivileges().add(PrivilegeType.TRIGGER);
+ break;
+ default:
+ break;
+ }
+ }
+ if (privilege.getDataPrivilege().getSpecificPrivileges().containsKey(schema)) {
+ privilege.getDataPrivilege().getSpecificPrivileges().get(schema).getSpecificPrivileges().put(tableName, tablePrivilege);
+ } else {
+ SchemaPrivilege schemaPrivilege = new SchemaPrivilege(schema);
+ schemaPrivilege.getSpecificPrivileges().put(tableName, tablePrivilege);
+ privilege.getDataPrivilege().getSpecificPrivileges().put(schema, schemaPrivilege);
+ }
+ }
}
}
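Review bot: `fillSchemaPrivilege` loops on `while (resultSet.first())`, which never advances the cursor, and `fillGlobalPrivilege` also calls `first()`. JDBC specifies that `first()` throws `SQLException` on the forward-only result set that `prepareStatement(String)` produces by default, and a driver that tolerates the call would re-read the first row indefinitely, so both should use `next()` as `fillTablePrivilege` does. None of the three methods closes its `Connection`, `PreparedStatement` or `ResultSet`, so each `load` call leaves three connections unreturned to the data source; try-with-resources fixes that, as sketched below for `fillSchemaPrivilege`. `resultSet.getArray("Table_priv")` also deserves a check against a real server: the column is a MySQL SET and the driver may not implement `getArray`, in which case `getString` plus a split on commas would be needed.

```java
private void fillSchemaPrivilege(final ShardingSpherePrivilege privilege, final DataSource dataSource, final ShardingSphereUser user) throws SQLException {
    try (Connection connection = dataSource.getConnection()) {
        connection.setAutoCommit(true);
        try (PreparedStatement statement = connection.prepareStatement("select * from mysql.db where user=? and host=?")) {
            statement.setString(1, user.getGrantee().getUsername());
            statement.setString(2, user.getGrantee().getHostname());
            try (ResultSet resultSet = statement.executeQuery()) {
                while (resultSet.next()) {
                    // … unchanged: per-column mapping into schemaPrivilege and the put into getSpecificPrivileges() …
                }
            }
        }
    }
}
```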
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java
index b1082b2..f013f04 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/builtin/yaml/swapper/UserRuleYamlSwapper.java
@@ -19,7 +19,6 @@ package org.apache.shardingsphere.infra.metadata.auth.builtin.yaml.swapper;
import org.apache.shardingsphere.infra.metadata.auth.builtin.yaml.config.YamlUserConfiguration;
import org.apache.shardingsphere.infra.metadata.auth.builtin.yaml.config.YamlUserRuleConfiguration;
-import org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.yaml.swapper.YamlConfigurationSwapper;
@@ -66,6 +65,6 @@ public final class UserRuleYamlSwapper implements YamlConfigurationSwapper<YamlU
private ShardingSphereUser swapToObject(final String username, final YamlUserConfiguration yamlConfig) {
return new ShardingSphereUser(username, yamlConfig.getPassword(), (null == yamlConfig.getHostname()
- || PrivilegeType.ALL_HOST_NAME.getName().equals(yamlConfig.getHostname())) ? "" : yamlConfig.getHostname());
+ || "%".equals(yamlConfig.getHostname())) ? "%" : yamlConfig.getHostname());
}
}
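Review bot: The added line in `swapToObject` maps `"%"` to `"%"`, which is a no-op, and it no longer normalises an empty hostname, whereas the removed line collapsed the wildcard case to `""`. Because `MySQLPrivilegeLoader` binds the hostname into `host=?`, an empty value from YAML would presumably match no grant row and leave the user without privileges. If the wildcard is meant, write `(null == yamlConfig.getHostname() || yamlConfig.getHostname().isEmpty()) ? "%" : yamlConfig.getHostname()`. The bare `"%"` literal also replaces `PrivilegeType.ALL_HOST_NAME` in `Grantee`, `CreateUserStatementAuthRefresher` and `PostgreSQLAuthenticationHandler`; a single named constant next to `Grantee` would keep those call sites in step.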
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/AdministrationPrivilege.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/AdministrationPrivilege.java
index c3f3f46..32df2e3 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/AdministrationPrivilege.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/AdministrationPrivilege.java
@@ -37,7 +37,7 @@ public final class AdministrationPrivilege {
* @return has privileges or not
*/
public boolean hasPrivileges(final Collection<PrivilegeType> privileges) {
- return this.privileges.contains(PrivilegeType.ALL) || this.privileges.containsAll(privileges);
+ return this.privileges.contains(PrivilegeType.SUPER) || this.privileges.containsAll(privileges);
}
/**
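Review bot: Treating `PrivilegeType.SUPER` as the match-everything marker in `hasPrivileges` cancels the `GRANT` exclusion that the next hunk adds to `setSuper()`: the loop still adds `SUPER`, so `hasPrivileges` returns true for a collection containing `GRANT`. The same pairing appears in `DataPrivilege.hasGlobalPrivileges` and `DataPrivilege.setSuper()`. It also means a backend account whose `Super_priv` column is set, as loaded by `MySQLPrivilegeLoader.fillGlobalPrivilege`, passes every administration check, which is broader than what MySQL's SUPER privilege grants. Consider dropping the short-circuit and using `return this.privileges.containsAll(privileges);`, as this commit already does in `SchemaPrivilege` and `TablePrivilege`.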
@@ -45,6 +45,10 @@ public final class AdministrationPrivilege {
*
*/
public void setSuper() {
- privileges.add(PrivilegeType.ALL);
+ for (PrivilegeType each : PrivilegeType.values()) {
+ if (!each.equals(PrivilegeType.GRANT)) {
+ privileges.add(each);
+ }
+ }
}
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/PrivilegeType.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/PrivilegeType.java
index 594748d..b64a1dd 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/PrivilegeType.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/PrivilegeType.java
@@ -28,7 +28,38 @@ import lombok.RequiredArgsConstructor;
@Getter
public enum PrivilegeType {
- ALL("*"), SELECT("SELECT"), DELETE("DELETE"), UPDATE("UPDATE"), INSERT("INSERT"), ALL_HOST_NAME("%");
+ SELECT("SELECT"),
+ INSERT("INSERT"),
+ UPDATE("UPDATE"),
+ DELETE("DELETE"),
+ USAGE("USAGE"),
+ CREATE("CREATE"),
+ DROP("DROP"),
+ RELOAD("RELOAD"),
+ SHUTDOWN("SHUTDOWN"),
+ PROCESS("PROCESS"),
+ FILE("FILE"),
+ GRANT("GRANT"),
+ REFERENCES("REFERENCES"),
+ INDEX("INDEX"),
+ ALTER("ALTER"),
+ SHOW_DB("SHOW_DB"),
+ SUPER("SUPER"),
+ CREATE_TMP("CREATE_TMP"),
+ LOCK_TABLES("LOCK_TABLES"),
+ EXECUTE("EXECUTE"),
+ REPL_SLAVE("REPL_SLAVE"),
+ REPL_CLIENT("REPL_CLIENT"),
+ CREATE_VIEW("CREATE_VIEW"),
+ SHOW_VIEW("SHOW_VIEW"),
+ CREATE_PROC("CREATE_PROC"),
+ ALTER_PROC("ALTER_PROC"),
+ CREATE_USER("CREATE_USER"),
+ EVENT("EVENT"),
+ TRIGGER("TRIGGER"),
+ CREATE_TABLESPACE("CREATE_TABLESPACE"),
+ CREATE_ROLE("CREATE_ROLE"),
+ DROP_ROLE("DROP_ROLE");
private final String name;
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/DataPrivilege.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/DataPrivilege.java
index e2844f7..136caab 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/DataPrivilege.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/DataPrivilege.java
@@ -60,7 +60,7 @@ public final class DataPrivilege {
}
private boolean hasGlobalPrivileges(final Collection<PrivilegeType> privileges) {
- return globalPrivileges.contains(PrivilegeType.ALL) || !globalPrivileges.isEmpty() && globalPrivileges.containsAll(privileges);
+ return globalPrivileges.contains(PrivilegeType.SUPER) || !globalPrivileges.isEmpty() && globalPrivileges.containsAll(privileges);
}
private boolean hasSpecificPrivileges(final String schema, final Collection<PrivilegeType> privileges) {
@@ -78,6 +78,10 @@ public final class DataPrivilege {
*
*/
public void setSuper() {
- globalPrivileges.add(PrivilegeType.ALL);
+ for (PrivilegeType each : PrivilegeType.values()) {
+ if (!each.equals(PrivilegeType.GRANT)) {
+ globalPrivileges.add(each);
+ }
+ }
}
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/SchemaPrivilege.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/SchemaPrivilege.java
index 10e5aa5..5df7b61 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/SchemaPrivilege.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/SchemaPrivilege.java
@@ -62,11 +62,23 @@ public final class SchemaPrivilege {
}
private boolean hasGlobalPrivileges(final Collection<PrivilegeType> privileges) {
- return globalPrivileges.contains(PrivilegeType.ALL) || !globalPrivileges.isEmpty() && globalPrivileges.containsAll(privileges);
+ return !globalPrivileges.isEmpty() && globalPrivileges.containsAll(privileges);
}
private boolean hasSpecificPrivileges(final String table, final Collection<PrivilegeType> privileges) {
Collection<PrivilegeType> targets = privileges.stream().filter(each -> !globalPrivileges.contains(each)).collect(Collectors.toList());
return specificPrivileges.containsKey(table) && specificPrivileges.get(table).hasPrivileges(targets);
}
+
+ /**
+ * Set super privilege.
+ *
+ */
+ public void setSuper() {
+ for (PrivilegeType each : PrivilegeType.values()) {
+ if (!each.equals(PrivilegeType.GRANT)) {
+ globalPrivileges.add(each);
+ }
+ }
+ }
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/TablePrivilege.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/TablePrivilege.java
index 986fdcc..e152d74 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/TablePrivilege.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/privilege/data/TablePrivilege.java
@@ -22,6 +22,7 @@ import lombok.RequiredArgsConstructor;
import org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import java.util.Collection;
+import java.util.LinkedHashSet;
/**
* Table privilege.
@@ -32,7 +33,7 @@ public final class TablePrivilege {
private final String tableName;
- private final Collection<PrivilegeType> privileges;
+ private final Collection<PrivilegeType> privileges = new LinkedHashSet<>();
/**
* Has privileges.
@@ -41,9 +42,6 @@ public final class TablePrivilege {
* @return has privileges or not
*/
public boolean hasPrivileges(final Collection<PrivilegeType> privileges) {
- if (this.privileges.contains(PrivilegeType.ALL)) {
- return true;
- }
return this.privileges.containsAll(privileges);
}
}
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/user/Grantee.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/user/Grantee.java
index dc692aa..183e158 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/user/Grantee.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/model/user/Grantee.java
@@ -21,7 +21,6 @@ import com.google.common.base.Objects;
import com.google.common.base.Strings;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
-import org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
/**
* Grantee.
@@ -39,14 +38,14 @@ public final class Grantee {
if (obj instanceof Grantee) {
Grantee grantee = (Grantee) obj;
return grantee.getUsername().equalsIgnoreCase(username) && (grantee.getHostname().equalsIgnoreCase(hostname) || Strings.isNullOrEmpty(hostname)
- || hostname.equals(PrivilegeType.ALL_HOST_NAME.getName()));
+ || "%".equals(hostname));
}
return false;
}
@Override
public int hashCode() {
- return (Strings.isNullOrEmpty(hostname) || hostname.equals(PrivilegeType.ALL_HOST_NAME.getName()))
+ return (Strings.isNullOrEmpty(hostname) || "%".equals(hostname))
? Objects.hashCode(username.toUpperCase()) : Objects.hashCode(username.toUpperCase(), hostname.toUpperCase());
}
}
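Review bot: `equals` consults only this object's `hostname` for the wildcard, so `new Grantee("u", "%").equals(new Grantee("u", "h"))` is true while the reverse comparison is false, and `hashCode` gives the two objects different hashes. If a `Grantee` is ever used as a map key or set element, a lookup can miss an entry that `equals` would accept, which matters more now that this commit stores `"%"` for users with no configured host. Either document the directional matching with a comment such as `// wildcard match is one-way: only this.hostname may be "%"; do not use Grantee as a hash key`, or move the wildcard comparison into a separate method and keep `equals` strict. The start of `equals` lies outside this hunk.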
diff --git a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
index afe92bd..4be1afd 100644
--- a/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
+++ b/shardingsphere-infra/shardingsphere-infra-common/src/main/java/org/apache/shardingsphere/infra/metadata/auth/refresher/type/CreateUserStatementAuthRefresher.java
@@ -47,7 +47,7 @@ public final class CreateUserStatementAuthRefresher implements AuthenticationRef
private Collection<ShardingSphereUser> generateUsers(final CreateUserStatement statement) {
Collection<ShardingSphereUser> result = new LinkedList<>();
for (UserSegment each : statement.getUsers()) {
- result.add(new ShardingSphereUser(each.getUser(), each.getAuth(), each.getHost()));
+ result.add(new ShardingSphereUser(each.getUser(), each.getAuth(), null != each.getHost() ? each.getHost() : "%"));
}
return result;
}
diff --git a/shardingsphere-infra/shardingsphere-infra-context/src/main/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilder.java b/shardingsphere-infra/shardingsphere-infra-context/src/main/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilder.java
index b16c408..a660edd 100644
--- a/shardingsphere-infra/shardingsphere-infra-context/src/main/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilder.java
+++ b/shardingsphere-infra/shardingsphere-infra-context/src/main/java/org/apache/shardingsphere/infra/context/metadata/MetaDataContextsBuilder.java
@@ -90,10 +90,10 @@ public final class MetaDataContextsBuilder {
*/
public StandardMetaDataContexts build() throws SQLException {
Map<String, ShardingSphereMetaData> mataDataMap = new HashMap<>(ruleConfigs.size(), 1);
- Authentication authentication = buildAuthentication(users, mataDataMap);
for (String each : ruleConfigs.keySet()) {
mataDataMap.put(each, buildMetaData(each));
}
+ Authentication authentication = buildAuthentication(users, mataDataMap);
return new StandardMetaDataContexts(mataDataMap, executorEngine, authentication, props);
}
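Review bot: `build()` has no comment explaining why `buildAuthentication` must now run after the loop. It appears to need the populated `mataDataMap` to reach the backend data sources, and a line such as `// privileges are loaded from the backend data sources, so metadata must be built first` would keep a later refactor from moving it back. Since `PrivilegeLoader.load` now declares `SQLException`, the Javadoc should also say whether a backend account without read access to the `mysql.user`, `mysql.db` and `mysql.tables_priv` tables aborts start-up or yields an empty privilege set. `buildAuthentication` is not shown in this hunk, so that behaviour cannot be confirmed from here.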
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java
index 183fa46..36c6a7b 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-mysql/src/test/java/org/apache/shardingsphere/proxy/frontend/mysql/auth/MySQLAuthenticationHandlerTest.java
@@ -21,7 +21,6 @@ import com.google.common.primitives.Bytes;
import lombok.SneakyThrows;
import org.apache.shardingsphere.db.protocol.mysql.constant.MySQLServerErrorCode;
import org.apache.shardingsphere.db.protocol.mysql.packet.handshake.MySQLAuthPluginData;
-import org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import org.apache.shardingsphere.infra.metadata.auth.model.privilege.data.SchemaPrivilege;
import org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import org.apache.shardingsphere.infra.metadata.auth.builtin.DefaultAuthentication;
@@ -125,7 +124,7 @@ public final class MySQLAuthenticationHandlerTest {
DefaultAuthentication authentication = new DefaultAuthentication();
ShardingSpherePrivilege privilege = new ShardingSpherePrivilege();
SchemaPrivilege schema = new SchemaPrivilege("db1");
- schema.getGlobalPrivileges().add(PrivilegeType.ALL);
+ schema.setSuper();
privilege.getDataPrivilege().getSpecificPrivileges().put("db1", schema);
authentication.getAuthentication().put(user, privilege);
initProxyContext(authentication);
diff --git a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
index d366995..299fa4a 100644
--- a/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
+++ b/shardingsphere-proxy/shardingsphere-proxy-frontend/shardingsphere-proxy-frontend-postgresql/src/main/java/org/apache/shardingsphere/proxy/frontend/postgresql/auth/PostgreSQLAuthenticationHandler.java
@@ -23,7 +23,6 @@ import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.shardingsphere.db.protocol.postgresql.constant.PostgreSQLErrorCode;
import org.apache.shardingsphere.db.protocol.postgresql.packet.handshake.PostgreSQLPasswordMessagePacket;
-import org.apache.shardingsphere.infra.metadata.auth.model.privilege.PrivilegeType;
import org.apache.shardingsphere.infra.metadata.auth.model.user.Grantee;
import org.apache.shardingsphere.infra.metadata.auth.model.user.ShardingSphereUser;
import org.apache.shardingsphere.proxy.backend.context.ProxyContext;
@@ -48,7 +47,7 @@ public final class PostgreSQLAuthenticationHandler {
* @return PostgreSQL login result
*/
public static PostgreSQLLoginResult loginWithMd5Password(final String username, final String databaseName, final byte[] md5Salt, final PostgreSQLPasswordMessagePacket passwordMessagePacket) {
- Optional<ShardingSphereUser> user = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findUser(new Grantee(username, PrivilegeType.ALL_HOST_NAME.getName()));
+ Optional<ShardingSphereUser> user = ProxyContext.getInstance().getMetaDataContexts().getAuthentication().findUser(new Grantee(username, "%"));
if (!user.isPresent()) {
return new PostgreSQLLoginResult(PostgreSQLErrorCode.INVALID_AUTHORIZATION_SPECIFICATION, String.format("unknown username: %s", username));
}