You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@sentry.apache.org by gc...@apache.org on 2016/03/10 23:03:23 UTC

incubator-sentry git commit: SENTRY-1122: Allow Solr Audit Log to Read Impersonator Info (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)

Repository: incubator-sentry
Updated Branches:
  refs/heads/master 3d05db9b0 -> baad976f0


SENTRY-1122: Allow Solr Audit Log to Read Impersonator Info (Gregory Chanan, Reviewed by: Vamsee Yarlagadda)


Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/baad976f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/baad976f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/baad976f

Branch: refs/heads/master
Commit: baad976f0ea6d3808dc0487af0aaaba2c25a1cce
Parents: 3d05db9
Author: Gregory Chanan <gc...@cloudera.com>
Authored: Tue Mar 8 15:47:15 2016 -0800
Committer: Gregory Chanan <gc...@cloudera.com>
Committed: Thu Mar 10 14:02:42 2016 -0800

----------------------------------------------------------------------
 .../SentryIndexAuthorizationSingleton.java      | 24 ++++++++++++++++++--
 .../org/apache/solr/sentry/SentryTestBase.java  | 14 ++++++++----
 2 files changed, 32 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/baad976f/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
index c8f0560..245fe78 100644
--- a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
+++ b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java
@@ -39,8 +39,20 @@ public class SentryIndexAuthorizationSingleton {
   private static Logger log =
     LoggerFactory.getLogger(SentryIndexAuthorizationSingleton.class);
 
+  /**
+   * Java system property for specifying location of sentry-site.xml
+   */
   public static final String propertyName = "solr.authorization.sentry.site";
-  private static final String USER_NAME = "solr.user.name";
+
+  /**
+   * {@link HttpServletRequest} attribute for requesting user name
+   */
+  public static final String USER_NAME = "solr.user.name";
+
+  /**
+   * {@link HttpServletRequest} attribute for requesting do as user.
+   */
+  public static final String DO_AS_USER_NAME = "solr.do.as.user.name";
 
   private static final SentryIndexAuthorizationSingleton INSTANCE =
     new SentryIndexAuthorizationSingleton(System.getProperty(propertyName));
@@ -126,7 +138,7 @@ public class SentryIndexAuthorizationSingleton {
     Subject userName = new Subject(getUserName(req));
     long eventTime = req.getStartTime();
     String paramString = req.getParamString();
-    String impersonator = null; // FIXME
+    String impersonator = getImpersonatorName(req);
 
     String ipAddress = null;
     HttpServletRequest sreq = (HttpServletRequest) req.getContext().get("httpRequest");
@@ -219,6 +231,14 @@ public class SentryIndexAuthorizationSingleton {
       superUser:(String)httpServletRequest.getAttribute(USER_NAME);
   }
 
+  private String getImpersonatorName(SolrQueryRequest req) {
+    HttpServletRequest httpServletRequest = (HttpServletRequest)req.getContext().get("httpRequest");
+    if (httpServletRequest != null) {
+      return (String)httpServletRequest.getAttribute(DO_AS_USER_NAME);
+    }
+    return null;
+  }
+
   /**
    * Attempt to notify the Sentry service when deleting collection happened
    * @param collection

http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/baad976f/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
----------------------------------------------------------------------
diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
index fc13728..e1a1ba8 100644
--- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
+++ b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java
@@ -36,13 +36,14 @@ import java.lang.reflect.Field;
 
 import org.junit.Assert;
 
+import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.USER_NAME;
+import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.DO_AS_USER_NAME;
+
 /**
  * Base class for Sentry tests
  */
 public abstract class SentryTestBase extends SolrTestCaseJ4 {
 
-  private static final String USER_NAME = "solr.user.name";
-
   private SolrQueryRequest request;
 
   public void setUp(SolrCore core) throws Exception {
@@ -95,10 +96,15 @@ public abstract class SentryTestBase extends SolrTestCaseJ4 {
     cloudDescField.set(coreDescriptor, mCloudDescriptor);
 
     HttpServletRequest httpServletRequest = EasyMock.createMock(HttpServletRequest.class);
-    IExpectationSetters getAttributeExpect =
+    IExpectationSetters getAttributeUserExpect =
         EasyMock.expect(httpServletRequest.getAttribute(USER_NAME)).andReturn(user);
     if (!onlyOnce) {
-      getAttributeExpect.anyTimes();
+      getAttributeUserExpect.anyTimes();
+    }
+    IExpectationSetters getAttributeDoAsUserExpect =
+        EasyMock.expect(httpServletRequest.getAttribute(DO_AS_USER_NAME)).andReturn(null);
+    if (!onlyOnce) {
+      getAttributeDoAsUserExpect.anyTimes();
     }
     EasyMock.replay(httpServletRequest);
     request.getContext().put("httpRequest", httpServletRequest);