sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-2379: Sqoop2: Check whether resource exists before run privilege check
Date Mon, 08 Jun 2015 12:58:40 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 3e50a3b7e -> b8e53c428


SQOOP-2379: Sqoop2: Check whether resource exists before run privilege check

(Dian Fu via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/b8e53c42
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/b8e53c42
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/b8e53c42

Branch: refs/heads/sqoop2
Commit: b8e53c42834de21c3b52af5c8b4061b66eb351e9
Parents: 3e50a3b
Author: Abraham Elmahrek <abe@apache.org>
Authored: Mon Jun 8 15:58:07 2015 +0300
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Mon Jun 8 15:58:07 2015 +0300

----------------------------------------------------------------------
 .../sqoop/error/code/CommonRepositoryError.java |  1 +
 .../handler/AuthorizationRequestHandler.java    | 45 ++++++++++++++++++++
 2 files changed, 46 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/b8e53c42/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
index e5fbe2d..7b8fce5 100644
--- a/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
+++ b/common/src/main/java/org/apache/sqoop/error/code/CommonRepositoryError.java
@@ -215,6 +215,7 @@ public enum CommonRepositoryError implements ErrorCode {
   /** We can't restore specific connector**/
   COMMON_0057("Unable to load specific connector"),
 
+  COMMON_0058("Resource doesn't exist"),
   ;
 
   private final String message;

http://git-wip-us.apache.org/repos/asf/sqoop/blob/b8e53c42/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
----------------------------------------------------------------------
diff --git a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
index 00f4b52..a730413 100644
--- a/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
+++ b/server/src/main/java/org/apache/sqoop/handler/AuthorizationRequestHandler.java
@@ -20,6 +20,9 @@ package org.apache.sqoop.handler;
 import org.apache.log4j.Logger;
 import org.apache.sqoop.audit.AuditLoggerManager;
 import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.error.code.CommonRepositoryError;
+import org.apache.sqoop.repository.Repository;
+import org.apache.sqoop.repository.RepositoryManager;
 import org.apache.sqoop.server.common.ServerError;
 import org.apache.sqoop.json.*;
 import org.apache.sqoop.model.MPrincipal;
@@ -165,6 +168,38 @@ public class AuthorizationRequestHandler implements RequestHandler {
     }
   }
 
+  private void checkResourceExists(MResource resource) {
+    if (resource == null) {
+      return;
+    }
+
+    Boolean resourceExists = false;
+    Repository repository = RepositoryManager.getInstance().getRepository();
+    MResource.TYPE type = MResource.TYPE.valueOf(resource.getType());
+
+    if (type == MResource.TYPE.CONNECTOR) {
+      if (repository.findConnector(resource.getName()) != null) {
+        resourceExists = true;
+      }
+    } else if (type == MResource.TYPE.LINK) {
+      if (repository.findLink(resource.getName()) != null) {
+        resourceExists = true;
+      }
+    } else if (type == MResource.TYPE.JOB) {
+      if (repository.findJob(resource.getName()) != null) {
+        resourceExists = true;
+      }
+    } else {
+      // For MResource.Type.SERVER, it must exists
+      resourceExists = true;
+    }
+
+    if (!resourceExists) {
+      throw new SqoopException(CommonRepositoryError.COMMON_0058,
+          "Can't find resource " + resource.toString());
+    }
+  }
+
   private JsonBean getPrivilege(RequestContext ctx) {
     AuthorizationHandler handler = AuthorizationManager.getAuthorizationHandler();
     AuditLoggerManager manager = AuditLoggerManager.getInstance();
@@ -180,6 +215,7 @@ public class AuthorizationRequestHandler implements RequestHandler {
       if (resource_name != null && resource_type != null) {
         resource = new MResource(resource_name, resource_type);
       }
+      checkResourceExists(resource);
       manager.logAuditEvent(ctx.getUserName(),
               ctx.getRequest().getRemoteAddr(), "get", "privileges by principal", principal.toString());
       return new PrivilegesBean(handler.getPrivilegesByPrincipal(principal, resource));
@@ -272,6 +308,15 @@ public class AuthorizationRequestHandler implements RequestHandler {
     // Get privilege object
     List<MPrivilege> privileges = privilegesBean == null ? null : privilegesBean.getPrivileges();
 
+    if (privileges != null) {
+      for (MPrivilege privilege : privileges) {
+        checkResourceExists(privilege.getResource());
+      }
+    } else if (isGrant){
+      throw new SqoopException(CommonRepositoryError.COMMON_0058,
+          "Resource can't be null");
+    }
+
     if (isGrant) {
       manager.logAuditEvent(ctx.getUserName(),
               ctx.getRequest().getRemoteAddr(), "grant", "role", "privilege");


Mime
View raw message