sqoop-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject sqoop git commit: SQOOP-1981: Sqoop2: Default implementation of RBAC in Sqoop
Date Wed, 28 Jan 2015 03:02:12 GMT
Repository: sqoop
Updated Branches:
  refs/heads/sqoop2 2b4db8023 -> d7ba495af


SQOOP-1981: Sqoop2: Default implementation of RBAC in Sqoop

(Richard Zhou via Abraham Elmahrek)


Project: http://git-wip-us.apache.org/repos/asf/sqoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/sqoop/commit/d7ba495a
Tree: http://git-wip-us.apache.org/repos/asf/sqoop/tree/d7ba495a
Diff: http://git-wip-us.apache.org/repos/asf/sqoop/diff/d7ba495a

Branch: refs/heads/sqoop2
Commit: d7ba495af784a49f0027cb1b0251163bc9e55bbe
Parents: 2b4db80
Author: Abraham Elmahrek <abe@apache.org>
Authored: Tue Jan 27 19:01:37 2015 -0800
Committer: Abraham Elmahrek <abe@apache.org>
Committed: Tue Jan 27 19:01:37 2015 -0800

----------------------------------------------------------------------
 .../java/org/apache/sqoop/model/MPrincipal.java |  80 +++++++
 .../java/org/apache/sqoop/model/MPrivilege.java | 112 +++++++++
 .../java/org/apache/sqoop/model/MResource.java  |  80 +++++++
 .../main/java/org/apache/sqoop/model/MRole.java |  66 ++++++
 .../security/AuthorizationAccessController.java |  92 +++++++-
 .../sqoop/security/AuthorizationHandler.java    | 103 ++++++--
 .../sqoop/security/AuthorizationManager.java    |  30 +--
 .../sqoop/security/AuthorizationValidator.java  |   8 +-
 .../DefaultAuthorizationAccessController.java   | 232 +++++++++++++++++++
 .../DefaultAuthorizationHandler.java            | 214 ++++++++++++++++-
 .../DefaultAuthorizationValidator.java          |  13 ++
 11 files changed, 984 insertions(+), 46 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MPrincipal.java b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
new file mode 100644
index 0000000..061ffe5
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MPrincipal.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire principal object which used in principal based authorization controller
+ */
+public class MPrincipal {
+
+  private final String id;
+  private final String name;
+  /**
+   * Currently, the type supports user, group and role.
+   */
+  private final String type;
+
+  /**
+   * Default constructor to build  new MPrincipal model.
+   *
+   * @param id   Principal id
+   * @param name Principal name
+   * @param type Principal type
+   */
+  public MPrincipal(String id,
+                    String name,
+                    String type) {
+    this.id = id;
+    this.name = name;
+    this.type = type;
+  }
+
+  /**
+   * Constructor to build  new MPrincipal model.
+   *
+   * @param name Principal name
+   * @param type Principal type
+   */
+  public MPrincipal(String name,
+                    String type) {
+    this(null, name, type);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("Principal (");
+    sb.append("Principal id: ").append(this.id);
+    sb.append(", Principal name: ").append(this.name);
+    sb.append(", Principal type: ").append(this.type);
+    sb.append(" )");
+
+    return sb.toString();
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public String getType() {
+    return type;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MPrivilege.java b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
new file mode 100644
index 0000000..7d656ec
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MPrivilege.java
@@ -0,0 +1,112 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire privilege object which used in privilege based authorization controller
+ */
+public class MPrivilege {
+
+  private final String id;
+  private final String name;
+  private final MResource resource;
+  /**
+   * Currently, the action supports view, use, create, update, delete and enable_disable.
+   */
+  private final String action;
+  private final boolean with_grant_option;
+
+
+  /**
+   * Default constructor to build  new MPrivilege model.
+   *
+   * @param id                Privilege id
+   * @param name              Privilege name
+   * @param resource          Privilege resource
+   * @param action            Privilege action
+   * @param with_grant_option Privilege with_grant_option
+   */
+  public MPrivilege(String id,
+                    String name,
+                    MResource resource,
+                    String action,
+                    boolean with_grant_option) {
+    this.id = id;
+    this.name = name;
+    this.resource = resource;
+    this.action = action;
+    this.with_grant_option = with_grant_option;
+  }
+
+  /**
+   * Constructor to build  new MPrivilege model.
+   *
+   * @param name     Privilege name
+   * @param resource Privilege resource
+   * @param action   Privilege action
+   */
+  public MPrivilege(String name,
+                    MResource resource,
+                    String action) {
+    this(null, name, resource, action, false);
+  }
+
+  /**
+   * Constructor to build  new MPrivilege model.
+   *
+   * @param resource Privilege resource
+   * @param action   Privilege action
+   */
+  public MPrivilege(MResource resource,
+                    String action) {
+    this(null, resource, action);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("Privilege (");
+    sb.append("Privilege id: ").append(this.id);
+    sb.append(", Privilege name: ").append(this.name);
+    sb.append(", Privilege resource: ").append(this.getResource().toString());
+    sb.append(", Privilege action: ").append(this.action);
+    sb.append(", Privilege with_grant_option: ").append(this.with_grant_option);
+    sb.append(" )");
+
+    return sb.toString();
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public MResource getResource() {
+    return resource;
+  }
+
+  public String getAction() {
+    return action;
+  }
+
+  public boolean isWith_grant_option() {
+    return with_grant_option;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MResource.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MResource.java b/common/src/main/java/org/apache/sqoop/model/MResource.java
new file mode 100644
index 0000000..8e519e5
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MResource.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire resource object which used in resource based authorization controller
+ */
+public class MResource {
+
+  private final String id;
+  private final String name;
+  /**
+   * Currently, the type supports connector, link, job and submission.
+   */
+  private final String type;
+
+  /**
+   * Default constructor to build  new MResource model.
+   *
+   * @param id   Resource id
+   * @param name Resource name
+   * @param type Resource type
+   */
+  public MResource(String id,
+                   String name,
+                   String type) {
+    this.id = id;
+    this.name = name;
+    this.type = type;
+  }
+
+  /**
+   * Constructor to build  new MResource model.
+   *
+   * @param name Resource name
+   * @param type Resource type
+   */
+  public MResource(String name,
+                   String type) {
+    this(null, name, type);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("Resource (");
+    sb.append("Resource id: ").append(this.id);
+    sb.append(", Resource name: ").append(this.name);
+    sb.append(", Resource type: ").append(this.type);
+    sb.append(" )");
+
+    return sb.toString();
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public String getName() {
+    return name;
+  }
+
+  public String getType() {
+    return type;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/common/src/main/java/org/apache/sqoop/model/MRole.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/sqoop/model/MRole.java b/common/src/main/java/org/apache/sqoop/model/MRole.java
new file mode 100644
index 0000000..359fa09
--- /dev/null
+++ b/common/src/main/java/org/apache/sqoop/model/MRole.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.sqoop.model;
+
+/**
+ * Model describing entire role object which used in role based authorization controller
+ */
+public class MRole {
+
+  private final String id;
+  private final String name;
+
+  /**
+   * Default constructor to build  new MRole model.
+   *
+   * @param id   Role id
+   * @param name Role name
+   */
+  public MRole(String id,
+               String name) {
+    this.id = id;
+    this.name = name;
+  }
+
+  /**
+   * Constructor to build  new MRole model.
+   *
+   * @param name Role name
+   */
+  public MRole(String name) {
+    this(null, name);
+  }
+
+  @Override
+  public String toString() {
+    StringBuilder sb = new StringBuilder("Role (");
+    sb.append("Role id: ").append(this.id);
+    sb.append(", Role name: ").append(this.name);
+    sb.append(" )");
+
+    return sb.toString();
+  }
+
+  public String getId() {
+    return id;
+  }
+
+  public String getName() {
+    return name;
+  }
+}

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
index 698a940..54fa556 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationAccessController.java
@@ -17,12 +17,100 @@
  */
 package org.apache.sqoop.security;
 
-import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+
+import java.util.List;
 
 /***
  * AuthorizationAccessController is responsible for managing access rule and principal.
  */
 public abstract class AuthorizationAccessController {
 
-  private static final Logger LOG = Logger.getLogger(AuthorizationAccessController.class);
+  /**
+   * Role related function
+   */
+  public abstract List<MRole> getAllRoles() throws SqoopException;
+
+  public abstract MRole getRole(String name) throws SqoopException;
+
+  public abstract List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException;
+
+  public abstract List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException;
+
+  public abstract void createRole(String name) throws SqoopException;
+
+  public abstract void updateRole(String old_name, String new_name) throws SqoopException;
+
+  public abstract void removeRole(String name) throws SqoopException;
+
+  /**
+   * Principal related function
+   */
+  public abstract List<MPrincipal> getAllPrincipals() throws SqoopException;
+
+  public abstract List<MPrincipal> getPrincipalsByName(String name) throws SqoopException;
+
+  public abstract List<MPrincipal> getPrincipalsByType(String type) throws SqoopException;
+
+  public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException;
+
+  public abstract List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException;
+
+  public abstract void createPrincipal(String name, String type) throws SqoopException;
+
+  public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal)
throws SqoopException;
+
+  public abstract void removePrincipalsByName(String name) throws SqoopException;
+
+  public abstract void removePrincipalsByType(String type) throws SqoopException;
+
+  public abstract void removePrincipal(MPrincipal principal) throws SqoopException;
+
+  public abstract void grantRole(List<MPrincipal> principals, List<MRole> roles)
throws SqoopException;
+
+  public abstract void revokeRole(List<MPrincipal> principals, List<MRole> roles)
throws SqoopException;
+
+  /**
+   * Resource related function
+   */
+  public abstract List<MResource> getAllResources() throws SqoopException;
+
+  public abstract List<MResource> getResourcesByType(String type) throws SqoopException;
+
+  public abstract MResource getResource(String name, String type) throws SqoopException;
+
+  public abstract void createResource(String name, String type) throws SqoopException;
+
+  public abstract void updateResource(MResource old_resource, MResource new_resource) throws
SqoopException;
+
+  public abstract void removeResourcesByType(String type) throws SqoopException;
+
+  public abstract void removeResource(MResource resource) throws SqoopException;
+
+  /**
+   * Privilege related function
+   */
+  public abstract List<MPrivilege> getAllPrivileges() throws SqoopException;
+
+  public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException;
+
+  public abstract List<MPrivilege> getPrivilegesByResource(MResource resource) throws
SqoopException;
+
+  public abstract List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException;
+
+  public abstract void createPrivilege(String name, MResource resource, String action, boolean
with_grant_option) throws SqoopException;
+
+  public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege)
throws SqoopException;
+
+  public abstract void removePrivilege(String name) throws SqoopException;
+
+  public abstract void removePrivilegesByResource(MResource resource) throws SqoopException;
+
+  public abstract void grantPrivileges(List<MPrincipal> principals, List<MPrivilege>
privileges) throws SqoopException;
+
+  public abstract void revokePrivileges(List<MPrincipal> principals, List<MPrivilege>
privileges) throws SqoopException;
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
index 865c6dc..51fc2dc 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationHandler.java
@@ -18,31 +18,104 @@
 package org.apache.sqoop.security;
 
 import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+
+import java.util.List;
 
 /***
  * AuthorizationHandler is responsible for controlling role based access.
  */
 public abstract class AuthorizationHandler {
 
-  private static final Logger LOG = Logger.getLogger(AuthorizationHandler.class);
+  public abstract void doInitialize() throws ClassNotFoundException, IllegalAccessException,
InstantiationException;
+
+  /**
+   * Role related function
+   */
+  public abstract List<MRole> getAllRoles() throws SqoopException;
+
+  public abstract MRole getRole(String name) throws SqoopException;
+
+  public abstract List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException;
+
+  public abstract List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException;
+
+  public abstract void createRole(String name) throws SqoopException;
+
+  public abstract void updateRole(String old_name, String new_name) throws SqoopException;
+
+  public abstract void removeRole(String name) throws SqoopException;
+
+  /**
+   * Principal related function
+   */
+  public abstract List<MPrincipal> getAllPrincipals() throws SqoopException;
+
+  public abstract List<MPrincipal> getPrincipalsByName(String name) throws SqoopException;
+
+  public abstract List<MPrincipal> getPrincipalsByType(String type) throws SqoopException;
+
+  public abstract MPrincipal getPrincipal(String name, String type) throws SqoopException;
+
+  public abstract List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException;
+
+  public abstract void createPrincipal(String name, String type) throws SqoopException;
+
+  public abstract void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal)
throws SqoopException;
+
+  public abstract void removePrincipalsByName(String name) throws SqoopException;
+
+  public abstract void removePrincipalsByType(String type) throws SqoopException;
+
+  public abstract void removePrincipal(MPrincipal principal) throws SqoopException;
+
+  public abstract void grantRole(List<MPrincipal> principals, List<MRole> roles)
throws SqoopException;
+
+  public abstract void revokeRole(List<MPrincipal> principals, List<MRole> roles)
throws SqoopException;
+
+  /**
+   * Resource related function
+   */
+  public abstract List<MResource> getAllResources() throws SqoopException;
+
+  public abstract List<MResource> getResourcesByType(String type) throws SqoopException;
+
+  public abstract MResource getResource(String name, String type) throws SqoopException;
+
+  public abstract void createResource(String name, String type) throws SqoopException;
+
+  public abstract void updateResource(MResource old_resource, MResource new_resource) throws
SqoopException;
+
+  public abstract void removeResourcesByType(String type) throws SqoopException;
+
+  public abstract void removeResource(MResource resource) throws SqoopException;
+
+  /**
+   * Privilege related function
+   */
+  public abstract List<MPrivilege> getAllPrivileges() throws SqoopException;
+
+  public abstract MPrivilege getPrivilegeByName(String name) throws SqoopException;
+
+  public abstract List<MPrivilege> getPrivilegesByResource(MResource resource) throws
SqoopException;
+
+  public abstract List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException;
+
+  public abstract void createPrivilege(String name, MResource resource, String action, boolean
with_grant_option) throws SqoopException;
 
-  protected AuthorizationAccessController authorizationAccessController;
+  public abstract void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege)
throws SqoopException;
 
-  protected AuthorizationValidator authorizationValidator;
+  public abstract void removePrivilege(String name) throws SqoopException;
 
-  public AuthorizationValidator getAuthorizationValidator() {
-    return authorizationValidator;
-  }
+  public abstract void removePrivilegesByResource(MResource resource) throws SqoopException;
 
-  public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) {
-    this.authorizationValidator = authorizationValidator;
-  }
+  public abstract void grantPrivileges(List<MPrincipal> principals, List<MPrivilege>
privileges) throws SqoopException;
 
-  public AuthorizationAccessController getAuthorizationAccessController() {
-    return authorizationAccessController;
-  }
+  public abstract void revokePrivileges(List<MPrincipal> principals, List<MPrivilege>
privileges) throws SqoopException;
 
-  public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController)
{
-    this.authorizationAccessController = authorizationAccessController;
-  }
+  public abstract void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges)
throws SqoopException;
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
index 4d66bf7..cfa7a66 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationManager.java
@@ -35,16 +35,6 @@ public class AuthorizationManager implements Reconfigurable {
   public static final String DEFAULT_AUTHORIZATION_HANDLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationHandler";
 
   /**
-   * Default authorization access controller
-   */
-  public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController";
-
-  /**
-   * Default authorization validator
-   */
-  public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator";
-
-  /**
    * Default authorization auto upgrade option value
    */
   protected static boolean DEFAULT_AUTO_UPGRADE = false;
@@ -98,24 +88,12 @@ public class AuthorizationManager implements Reconfigurable {
 
   public synchronized void initialize() throws ClassNotFoundException, IllegalAccessException,
InstantiationException {
     LOG.trace("Begin authorization manager initialization");
-    MapContext mapContext = SqoopConfiguration.getInstance().getContext();
 
-    String handler = mapContext.getString(SecurityConstants.AUTHORIZATION_HANDLER,
-        DEFAULT_AUTHORIZATION_HANDLER).trim();
+    String handler = SqoopConfiguration.getInstance().getContext().getString(
+            SecurityConstants.AUTHORIZATION_HANDLER,
+            DEFAULT_AUTHORIZATION_HANDLER).trim();
     authorizationHandler = SecurityFactory.getAuthorizationHandler(handler);
-
-    String accessController = mapContext.getString(
-            SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
-            DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim();
-    AuthorizationAccessController authorizationAccessController =
-            SecurityFactory.getAuthorizationAccessController(accessController);
-    authorizationHandler.setAuthorizationAccessController(authorizationAccessController);
-
-    String validator = mapContext.getString(SecurityConstants.AUTHORIZATION_VALIDATOR,
-            DEFAULT_AUTHORIZATION_VALIDATOR).trim();
-    AuthorizationValidator authorizationValidator =
-            SecurityFactory.getAuthorizationValidator(validator);
-    authorizationHandler.setAuthorizationValidator(authorizationValidator);
+    authorizationHandler.doInitialize();
 
     LOG.info("Authorization loaded.");
   }

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
index 7c41015..c6482fb 100644
--- a/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
+++ b/core/src/main/java/org/apache/sqoop/security/AuthorizationValidator.java
@@ -17,13 +17,17 @@
  */
 package org.apache.sqoop.security;
 
-import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+
+import java.util.List;
 
 /***
  * AuthorizationHandler is responsible for checking access.
  */
 public abstract class AuthorizationValidator {
 
-  private static final Logger LOG = Logger.getLogger(AuthorizationValidator.class);
+  public abstract void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges)
throws SqoopException;
 
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
index c8839f8..02f8f3b 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationAccessController.java
@@ -18,9 +18,241 @@
 package org.apache.sqoop.security.Authorization;
 
 import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
 import org.apache.sqoop.security.AuthorizationAccessController;
 
+import java.security.Principal;
+import java.util.List;
+
 public class DefaultAuthorizationAccessController extends AuthorizationAccessController {
 
   private static final Logger LOG = Logger.getLogger(DefaultAuthorizationAccessController.class);
+
+  /**
+   * Role related function
+   */
+  public List<MRole> getAllRoles() throws SqoopException {
+    LOG.debug("Get all roles in default authorization access controller: return null");
+    return null;
+  }
+
+  public MRole getRole(String name) throws SqoopException {
+    LOG.debug("Get role in default authorization access controller: return null");
+    LOG.debug("name: " + name);
+    return null;
+  }
+
+  public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException
{
+    LOG.debug("Get roles by principal in default authorization access controller: return
null");
+    LOG.debug("principal: " + principal.toString());
+    return null;
+  }
+
+  public List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException
{
+    LOG.debug("Get roles by privilege in default authorization access controller: return
null");
+    LOG.debug("privilege: " + privilege.toString());
+    return null;
+  }
+
+  public void createRole(String name) throws SqoopException {
+    LOG.debug("Create role in default authorization access controller: empty function");
+    LOG.debug("name: " + name);
+  }
+
+  public void updateRole(String old_name, String new_name) throws SqoopException {
+    LOG.debug("Update role in default authorization access controller: empty function");
+    LOG.debug("old name: " + old_name + ", new name: " + new_name);
+  }
+
+  public void removeRole(String name) throws SqoopException {
+    LOG.debug("Remove role in default authorization access controller: empty function");
+    LOG.debug("name: " + name);
+  }
+
+  /**
+   * Principal related function
+   */
+  public List<MPrincipal> getAllPrincipals() throws SqoopException {
+    LOG.debug("Get all principals in default authorization access controller: return null");
+    return null;
+  }
+
+  public List<MPrincipal> getPrincipalsByName(String name) throws SqoopException {
+    LOG.debug("Get principals by name in default authorization access controller: return
null");
+    LOG.debug("name: " + name);
+    return null;
+  }
+
+  public List<MPrincipal> getPrincipalsByType(String type) throws SqoopException {
+    LOG.debug("Get principals by type in default authorization access controller: return
null");
+    LOG.debug("type: " + type);
+    return null;
+  }
+
+  public MPrincipal getPrincipal(String name, String type) throws SqoopException {
+    LOG.debug("Get principal in default authorization access controller: return null");
+    LOG.debug("name: " + name + ", type: " + type);
+    return null;
+  }
+
+  public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException {
+    LOG.debug("Get principals by role in default authorization access controller: return
null");
+    LOG.debug("role: " + role.toString());
+    return null;
+  }
+
+  public void createPrincipal(String name, String type) throws SqoopException {
+    LOG.debug("Create principal in default authorization access controller: empty function");
+    LOG.debug("name: " + name + ", type: " + type);
+  }
+
+  public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws
SqoopException {
+    LOG.debug("Update principal in default authorization access controller: empty function");
+    LOG.debug("old principal: " + old_principal + ", new principal: " + new_principal);
+  }
+
+  public void removePrincipalsByName(String name) throws SqoopException {
+    LOG.debug("Remove principals by name in default authorization access controller: empty
function");
+    LOG.debug("name: " + name);
+  }
+
+  public void removePrincipalsByType(String type) throws SqoopException {
+    LOG.debug("Remove principals by type in default authorization access controller: empty
function");
+    LOG.debug("type: " + type);
+  }
+
+  public void removePrincipal(MPrincipal principal) throws SqoopException {
+    LOG.debug("Remove principal in default authorization access controller: empty function");
+    LOG.debug("principal: " + principal.toString());
+  }
+
+  public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws
SqoopException {
+    LOG.debug("Grant role in default authorization access controller: empty function");
+    for (MPrincipal principal : principals) {
+      LOG.debug("principal: " + principal.toString());
+    }
+    for (MRole role : roles) {
+      LOG.debug("role: " + role.toString());
+    }
+  }
+
+  public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws
SqoopException {
+    LOG.debug("Revoke role in default authorization access controller: empty function");
+    for (MPrincipal principal : principals) {
+      LOG.debug("principal: " + principal.toString());
+    }
+    for (MRole role : roles) {
+      LOG.debug("role: " + role.toString());
+    }
+  }
+
+  /**
+   * Resource related function
+   */
+  public List<MResource> getAllResources() throws SqoopException {
+    LOG.debug("Get all resources in default authorization access controller: return null");
+    return null;
+  }
+
+  public List<MResource> getResourcesByType(String type) throws SqoopException {
+    LOG.debug("Get resources by type in default authorization access controller: return null");
+    LOG.debug("type: " + type);
+    return null;
+  }
+
+  public MResource getResource(String name, String type) throws SqoopException {
+    LOG.debug("Get resource in default authorization access controller: return null");
+    LOG.debug("name: " + name + ", type: " + type);
+    return null;
+  }
+
+  public void createResource(String name, String type) throws SqoopException {
+    LOG.debug("Create resource in default authorization access controller: empty function");
+    LOG.debug("name: " + name + ", type: " + type);
+  }
+
+  public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException
{
+    LOG.debug("Update resource in default authorization access controller: empty function");
+    LOG.debug("old_resource: " + old_resource + ", new_resource: " + new_resource);
+  }
+
+  public void removeResourcesByType(String type) throws SqoopException {
+    LOG.debug("Remove resource by type in default authorization access controller: empty
function");
+    LOG.debug("type: " + type);
+  }
+
+  public void removeResource(MResource resource) throws SqoopException {
+    LOG.debug("Remove resource in default authorization access controller: empty function");
+    LOG.debug("resource: " + resource.toString());
+  }
+
+  /**
+   * Privilege related function
+   */
+  public List<MPrivilege> getAllPrivileges() throws SqoopException {
+    LOG.debug("Get all privileges in default authorization access controller: return null");
+    return null;
+  }
+
+  public MPrivilege getPrivilegeByName(String name) throws SqoopException {
+    LOG.debug("Get privileges by name in default authorization access controller: return
null");
+    LOG.debug("name: " + name);
+    return null;
+  }
+
+  public List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException
{
+    LOG.debug("Get privileges by resource in default authorization access controller: return
null");
+    LOG.debug("resource: " + resource.toString());
+    return null;
+  }
+
+  public List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException {
+    LOG.debug("Get privileges by role in default authorization access controller: return
null");
+    LOG.debug("role: " + role.toString());
+    return null;
+  }
+
+  public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option)
throws SqoopException {
+    LOG.debug("Create privilege in default authorization access controller: empty function");
+    LOG.debug("name: " + name + ", resource: " + resource.toString() + ", action: " + action
+ ", with grant option: " + with_grant_option);
+  }
+
+  public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws
SqoopException {
+    LOG.debug("Update privilege in default authorization access controller: empty function");
+    LOG.debug("old_privilege: " + old_privilege + ", new_privilege: " + new_privilege);
+  }
+
+  public void removePrivilege(String name) throws SqoopException {
+    LOG.debug("Remove privilege in default authorization access controller: empty function");
+    LOG.debug("name: " + name);
+  }
+
+  public void removePrivilegesByResource(MResource resource) throws SqoopException {
+    LOG.debug("Remove privileges by resource in default authorization access controller:
empty function");
+    LOG.debug("resource: " + resource.toString());
+  }
+
+  public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges)
throws SqoopException {
+    LOG.debug("Grant privileges in default authorization access controller: empty function");
+    for (MPrincipal principal : principals) {
+      LOG.debug("principal: " + principal.toString());
+    }
+    for (MPrivilege privilege : privileges) {
+      LOG.debug("privilege: " + privilege.toString());
+    }
+  }
+
+  public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege>
privileges) throws SqoopException {
+    LOG.debug("Revoke privileges in default authorization access controller: empty function");
+    for (MPrincipal principal : principals) {
+      LOG.debug("principal: " + principal.toString());
+    }
+    for (MPrivilege privilege : privileges) {
+      LOG.debug("privilege: " + privilege.toString());
+    }
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
index a176b4d..9cd2e33 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationHandler.java
@@ -18,9 +18,221 @@
 package org.apache.sqoop.security.Authorization;
 
 import org.apache.log4j.Logger;
-import org.apache.sqoop.security.AuthorizationHandler;
+import org.apache.sqoop.common.MapContext;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.core.SqoopConfiguration;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
+import org.apache.sqoop.model.MResource;
+import org.apache.sqoop.model.MRole;
+import org.apache.sqoop.security.*;
+
+import java.util.List;
 
 public class DefaultAuthorizationHandler extends AuthorizationHandler {
 
+  /**
+   * Default authorization access controller
+   */
+  public static final String DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER = "org.apache.sqoop.security.Authorization.DefaultAuthorizationAccessController";
+
+  /**
+   * Default authorization validator
+   */
+  public static final String DEFAULT_AUTHORIZATION_VALIDATOR = "org.apache.sqoop.security.Authorization.DefaultAuthorizationValidator";
+
   private static final Logger LOG = Logger.getLogger(DefaultAuthorizationHandler.class);
+
+  protected AuthorizationAccessController authorizationAccessController;
+
+  protected AuthorizationValidator authorizationValidator;
+
+  public AuthorizationValidator getAuthorizationValidator() {
+    return authorizationValidator;
+  }
+
+  public void setAuthorizationValidator(AuthorizationValidator authorizationValidator) {
+    this.authorizationValidator = authorizationValidator;
+  }
+
+  public AuthorizationAccessController getAuthorizationAccessController() {
+    return authorizationAccessController;
+  }
+
+  public void setAuthorizationAccessController(AuthorizationAccessController authorizationAccessController)
{
+    this.authorizationAccessController = authorizationAccessController;
+  }
+
+  public void doInitialize() throws ClassNotFoundException, IllegalAccessException, InstantiationException
{
+    MapContext mapContext = SqoopConfiguration.getInstance().getContext();
+    String accessController = mapContext.getString(
+            SecurityConstants.AUTHORIZATION_ACCESS_CONTROLLER,
+            DEFAULT_AUTHORIZATION_ACCESS_CONTROLLER).trim();
+    this.authorizationAccessController = SecurityFactory.getAuthorizationAccessController(accessController);
+
+    String validator = mapContext.getString(
+            SecurityConstants.AUTHORIZATION_VALIDATOR,
+            DEFAULT_AUTHORIZATION_VALIDATOR).trim();
+    this.authorizationValidator = SecurityFactory.getAuthorizationValidator(validator);
+  }
+
+  /**
+   * Role related function
+   */
+  public List<MRole> getAllRoles() throws SqoopException {
+    return this.authorizationAccessController.getAllRoles();
+  }
+
+  public MRole getRole(String name) throws SqoopException {
+    return this.authorizationAccessController.getRole(name);
+  }
+
+  public List<MRole> getRolesByPrincipal(MPrincipal principal) throws SqoopException
{
+    return this.authorizationAccessController.getRolesByPrincipal(principal);
+  }
+
+  public List<MRole> getRolesByPrivilege(MPrivilege privilege) throws SqoopException
{
+    return this.authorizationAccessController.getRolesByPrivilege(privilege);
+  }
+
+  public void createRole(String name) throws SqoopException {
+    this.authorizationAccessController.createRole(name);
+  }
+
+  public void updateRole(String old_name, String new_name) throws SqoopException {
+    this.authorizationAccessController.updateRole(old_name, new_name);
+  }
+
+  public void removeRole(String name) throws SqoopException {
+    this.authorizationAccessController.removeRole(name);
+  }
+
+  /**
+   * Principal related function
+   */
+  public List<MPrincipal> getAllPrincipals() throws SqoopException {
+    return this.authorizationAccessController.getAllPrincipals();
+  }
+
+  public List<MPrincipal> getPrincipalsByName(String name) throws SqoopException {
+    return this.authorizationAccessController.getPrincipalsByName(name);
+  }
+
+  public List<MPrincipal> getPrincipalsByType(String type) throws SqoopException {
+    return this.authorizationAccessController.getPrincipalsByType(type);
+  }
+
+  public MPrincipal getPrincipal(String name, String type) throws SqoopException {
+    return this.authorizationAccessController.getPrincipal(name, type);
+  }
+
+  public List<MPrincipal> getPrincipalsByRole(MRole role) throws SqoopException {
+    return this.authorizationAccessController.getPrincipalsByRole(role);
+  }
+
+  public void createPrincipal(String name, String type) throws SqoopException {
+    this.authorizationAccessController.createPrincipal(name, type);
+  }
+
+  public void updatePrincipal(MPrincipal old_principal, MPrincipal new_principal) throws
SqoopException {
+    this.authorizationAccessController.updatePrincipal(old_principal, new_principal);
+  }
+
+  public void removePrincipalsByName(String name) throws SqoopException {
+    this.authorizationAccessController.removePrincipalsByName(name);
+  }
+
+  public void removePrincipalsByType(String type) throws SqoopException {
+    this.authorizationAccessController.removePrincipalsByType(type);
+  }
+
+  public void removePrincipal(MPrincipal principal) throws SqoopException {
+    this.authorizationAccessController.removePrincipal(principal);
+  }
+
+  public void grantRole(List<MPrincipal> principals, List<MRole> roles) throws
SqoopException {
+    this.authorizationAccessController.grantRole(principals, roles);
+  }
+
+  public void revokeRole(List<MPrincipal> principals, List<MRole> roles) throws
SqoopException {
+    this.authorizationAccessController.revokeRole(principals, roles);
+  }
+
+  /**
+   * Resource related function
+   */
+  public List<MResource> getAllResources() throws SqoopException {
+    return this.authorizationAccessController.getAllResources();
+  }
+
+  public List<MResource> getResourcesByType(String type) throws SqoopException {
+    return this.authorizationAccessController.getResourcesByType(type);
+  }
+
+  public MResource getResource(String name, String type) throws SqoopException {
+    return this.authorizationAccessController.getResource(name, type);
+  }
+
+  public void createResource(String name, String type) throws SqoopException {
+    this.authorizationAccessController.createResource(name, type);
+  }
+
+  public void updateResource(MResource old_resource, MResource new_resource) throws SqoopException
{
+    this.authorizationAccessController.updateResource(old_resource, new_resource);
+  }
+
+  public void removeResourcesByType(String type) throws SqoopException {
+    this.authorizationAccessController.removeResourcesByType(type);
+  }
+
+  public void removeResource(MResource resource) throws SqoopException {
+    this.authorizationAccessController.removeResource(resource);
+  }
+
+  /**
+   * Privilege related function
+   */
+  public List<MPrivilege> getAllPrivileges() throws SqoopException {
+    return this.authorizationAccessController.getAllPrivileges();
+  }
+
+  public MPrivilege getPrivilegeByName(String name) throws SqoopException {
+    return this.authorizationAccessController.getPrivilegeByName(name);
+  }
+
+  public List<MPrivilege> getPrivilegesByResource(MResource resource) throws SqoopException
{
+    return this.authorizationAccessController.getPrivilegesByResource(resource);
+  }
+
+  public List<MPrivilege> getPrivilegesByRole(MRole role) throws SqoopException {
+    return this.authorizationAccessController.getPrivilegesByRole(role);
+  }
+
+  public void createPrivilege(String name, MResource resource, String action, boolean with_grant_option)
throws SqoopException {
+    this.authorizationAccessController.createPrivilege(name, resource, action, with_grant_option);
+  }
+
+  public void updatePrivilege(MPrivilege old_privilege, MPrivilege new_privilege) throws
SqoopException {
+    this.authorizationAccessController.updatePrivilege(old_privilege, new_privilege);
+  }
+
+  public void removePrivilege(String name) throws SqoopException {
+    this.authorizationAccessController.removePrivilege(name);
+  }
+
+  public void removePrivilegesByResource(MResource resource) throws SqoopException {
+    this.authorizationAccessController.removePrivilegesByResource(resource);
+  }
+
+  public void grantPrivileges(List<MPrincipal> principals, List<MPrivilege> privileges)
throws SqoopException {
+    this.authorizationAccessController.grantPrivileges(principals, privileges);
+  }
+
+  public void revokePrivileges(List<MPrincipal> principals, List<MPrivilege>
privileges) throws SqoopException {
+    this.authorizationAccessController.revokePrivileges(principals, privileges);
+  }
+
+  public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws
SqoopException {
+    this.authorizationValidator.checkPrivileges(principal, privileges);
+  }
 }
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/sqoop/blob/d7ba495a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
----------------------------------------------------------------------
diff --git a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
index 0842c81..bbde281 100644
--- a/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
+++ b/security/src/main/java/org/apache/sqoop/security/Authorization/DefaultAuthorizationValidator.java
@@ -18,9 +18,22 @@
 package org.apache.sqoop.security.Authorization;
 
 import org.apache.log4j.Logger;
+import org.apache.sqoop.common.SqoopException;
+import org.apache.sqoop.model.MPrincipal;
+import org.apache.sqoop.model.MPrivilege;
 import org.apache.sqoop.security.AuthorizationValidator;
 
+import java.util.List;
+
 public class DefaultAuthorizationValidator extends AuthorizationValidator {
 
   private static final Logger LOG = Logger.getLogger(DefaultAuthorizationValidator.class);
+
+  public void checkPrivileges(MPrincipal principal, List<MPrivilege> privileges) throws
SqoopException {
+    LOG.debug("Check privilege in default authorization validator: always valid");
+    LOG.debug("principal: " + principal.toString());
+    for (MPrivilege privilege : privileges) {
+      LOG.debug("privilege: " + privilege.toString());
+    }
+  }
 }
\ No newline at end of file


Mime
View raw message