You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by gc...@apache.org on 2016/03/10 23:03:23 UTC
incubator-sentry git commit: SENTRY-1122: Allow Solr Audit Log to
Read Impersonator Info (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)
Repository: incubator-sentry
Updated Branches:
refs/heads/master 3d05db9b0 -> baad976f0
SENTRY-1122: Allow Solr Audit Log to Read Impersonator Info (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)
Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/baad976f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/baad976f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/baad976f
Branch: refs/heads/master
Commit: baad976f0ea6d3808dc0487af0aaaba2c25a1cce
Parents: 3d05db9
Author: Gregory Chanan <gc...@cloudera.com>
Authored: Tue Mar 8 15:47:15 2016 -0800
Committer: Gregory Chanan <gc...@cloudera.com>
Committed: Thu Mar 10 14:02:42 2016 -0800
----------------------------------------------------------------------
.../SentryIndexAuthorizationSingleton.java | 24 ++++++++++++++++++--
.../org/apache/solr/sentry/SentryTestBase.java | 14 ++++++++----
2 files changed, 32 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/baad976f/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
index c8f0560..245fe78 100644
--- a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
+++ b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
@@ -39,8 +39,20 @@ public class SentryIndexAuthorizationSingleton {
private static Logger log =
LoggerFactory.getLogger(SentryIndexAuthorizationSingleton.class);
+ /**
+ * Java system property for specifying location of sentry-site.xml
+ */
public static final String propertyName = "solr.authorization.sentry.site";
- private static final String USER_NAME = "solr.user.name";
+
+ /**
+ * {@link HttpServletRequest} attribute for requesting user name
+ */
+ public static final String USER_NAME = "solr.user.name";
+
+ /**
+ * {@link HttpServletRequest} attribute for requesting do as user.
+ */
+ public static final String DO_AS_USER_NAME = "solr.do.as.user.name";
private static final SentryIndexAuthorizationSingleton INSTANCE =
new SentryIndexAuthorizationSingleton(System.getProperty(propertyName));
@@ -126,7 +138,7 @@ public class SentryIndexAuthorizationSingleton {
Subject userName = new Subject(getUserName(req));
long eventTime = req.getStartTime();
String paramString = req.getParamString();
- String impersonator = null; // FIXME
+ String impersonator = getImpersonatorName(req);
String ipAddress = null;
HttpServletRequest sreq = (HttpServletRequest) req.getContext().get("httpRequest");
@@ -219,6 +231,14 @@ public class SentryIndexAuthorizationSingleton {
superUser:(String)httpServletRequest.getAttribute(USER_NAME);
}
+ private String getImpersonatorName(SolrQueryRequest req) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest)req.getContext().get("httpRequest");
+ if (httpServletRequest != null) {
+ return (String)httpServletRequest.getAttribute(DO_AS_USER_NAME);
+ }
+ return null;
+ }
+
/**
* Attempt to notify the Sentry service when deleting collection happened
* @param collection
http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/baad976f/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
index fc13728..e1a1ba8 100644
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
+++ b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
@@ -36,13 +36,14 @@ import java.lang.reflect.Field;
import org.junit.Assert;
+import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.USER_NAME;
+import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.DO_AS_USER_NAME;
+
/**
* Base class for Sentry tests
*/
public abstract class SentryTestBase extends SolrTestCaseJ4 {
- private static final String USER_NAME = "solr.user.name";
-
private SolrQueryRequest request;
public void setUp(SolrCore core) throws Exception {
@@ -95,10 +96,15 @@ public abstract class SentryTestBase extends SolrTestCaseJ4 {
cloudDescField.set(coreDescriptor, mCloudDescriptor);
HttpServletRequest httpServletRequest = EasyMock.createMock(HttpServletRequest.class);
- IExpectationSetters getAttributeExpect =
+ IExpectationSetters getAttributeUserExpect =
EasyMock.expect(httpServletRequest.getAttribute(USER_NAME)).andReturn(user);
if (!onlyOnce) {
- getAttributeExpect.anyTimes();
+ getAttributeUserExpect.anyTimes();
+ }
+ IExpectationSetters getAttributeDoAsUserExpect =
+ EasyMock.expect(httpServletRequest.getAttribute(DO_AS_USER_NAME)).andReturn(null);
+ if (!onlyOnce) {
+ getAttributeDoAsUserExpect.anyTimes();
}
EasyMock.replay(httpServletRequest);
request.getContext().put("httpRequest", httpServletRequest);