Ejemplo n.º 1
0
  /**
   * KLUDGE - Until ACL is mandated entity passed should be decorated for equals check to pass.
   * existingEntity in config store will have teh decoration and equals check fails if entity passed
   * is not decorated for checking if entity already exists.
   *
   * @param entity entity
   */
  private void decorateEntityWithACL(Entity entity) {
    if (SecurityUtil.isAuthorizationEnabled() || entity.getACL() != null) {
      return; // not necessary to decorate
    }

    final String proxyUser = CurrentUser.getUser();
    final String defaultGroupName = CurrentUser.getPrimaryGroupName();
    switch (entity.getEntityType()) {
      case CLUSTER:
        org.apache.falcon.entity.v0.cluster.ACL clusterACL =
            new org.apache.falcon.entity.v0.cluster.ACL();
        clusterACL.setOwner(proxyUser);
        clusterACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.cluster.Cluster) entity).setACL(clusterACL);
        break;

      case FEED:
        org.apache.falcon.entity.v0.feed.ACL feedACL = new org.apache.falcon.entity.v0.feed.ACL();
        feedACL.setOwner(proxyUser);
        feedACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.feed.Feed) entity).setACL(feedACL);
        break;

      case PROCESS:
        org.apache.falcon.entity.v0.process.ACL processACL =
            new org.apache.falcon.entity.v0.process.ACL();
        processACL.setOwner(proxyUser);
        processACL.setGroup(defaultGroupName);
        ((org.apache.falcon.entity.v0.process.Process) entity).setACL(processACL);
        break;

      default:
        break;
    }
  }
Ejemplo n.º 2
0
  protected boolean isEntityAuthorized(Entity entity) {
    try {
      SecurityUtil.getAuthorizationProvider()
          .authorizeEntity(
              entity.getName(),
              entity.getEntityType().toString(),
              entity.getACL(),
              "list",
              CurrentUser.getAuthenticatedUGI());
    } catch (Exception e) {
      LOG.info(
          "Authorization failed for entity="
              + entity.getName()
              + " for user="
              + CurrentUser.getUser(),
          e);
      return false;
    }

    return true;
  }