Пример #1
0
  /**
   * Check if the user+group is authorized to use the specified application.
   *
   * <p>The check is done by checking the file system permissions on the workflow application.
   *
   * @param user user name.
   * @param group group name.
   * @param appPath application path.
   * @param fileName workflow or coordinator.xml
   * @param conf
   * @throws AuthorizationException thrown if the user is not authorized for the app.
   */
  public void authorizeForApp(
      String user, String group, String appPath, String fileName, Configuration conf)
      throws AuthorizationException {
    try {
      HadoopAccessorService has = Services.get().get(HadoopAccessorService.class);
      URI uri = new Path(appPath).toUri();
      Configuration fsConf = has.createJobConf(uri.getAuthority());
      FileSystem fs = has.createFileSystem(user, uri, fsConf);

      Path path = new Path(appPath);
      try {
        if (!fs.exists(path)) {
          incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
          throw new AuthorizationException(ErrorCode.E0504, appPath);
        }
        if (conf.get(XOozieClient.IS_PROXY_SUBMISSION)
            == null) { // Only further check existence of job definition files for non proxy
                       // submission jobs;
          if (!fs.isFile(path)) {
            Path appXml = new Path(path, fileName);
            if (!fs.exists(appXml)) {
              incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
              throw new AuthorizationException(ErrorCode.E0505, appPath);
            }
            if (!fs.isFile(appXml)) {
              incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
              throw new AuthorizationException(ErrorCode.E0506, appPath);
            }
            fs.open(appXml).close();
          }
        }
      }
      // TODO change this when stopping support of 0.18 to the new
      // Exception
      catch (org.apache.hadoop.fs.permission.AccessControlException ex) {
        incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
        throw new AuthorizationException(ErrorCode.E0507, appPath, ex.getMessage(), ex);
      }
    } catch (IOException ex) {
      incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
      throw new AuthorizationException(ErrorCode.E0501, ex.getMessage(), ex);
    } catch (HadoopAccessorException e) {
      throw new AuthorizationException(e);
    }
  }
Пример #2
0
  /**
   * Check if the user+group is authorized to use the specified application.
   *
   * <p>The check is done by checking the file system permissions on the workflow application.
   *
   * @param user user name.
   * @param group group name.
   * @param appPath application path.
   * @throws AuthorizationException thrown if the user is not authorized for the app.
   */
  public void authorizeForApp(String user, String group, String appPath, Configuration jobConf)
      throws AuthorizationException {
    try {
      HadoopAccessorService has = Services.get().get(HadoopAccessorService.class);
      URI uri = new Path(appPath).toUri();
      Configuration fsConf = has.createJobConf(uri.getAuthority());
      FileSystem fs = has.createFileSystem(user, uri, fsConf);

      Path path = new Path(appPath);
      try {
        if (!fs.exists(path)) {
          incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
          throw new AuthorizationException(ErrorCode.E0504, appPath);
        }
        Path wfXml = new Path(path, "workflow.xml");
        if (!fs.exists(wfXml)) {
          incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
          throw new AuthorizationException(ErrorCode.E0505, appPath);
        }
        if (!fs.isFile(wfXml)) {
          incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
          throw new AuthorizationException(ErrorCode.E0506, appPath);
        }
        fs.open(wfXml).close();
      }
      // TODO change this when stopping support of 0.18 to the new
      // Exception
      catch (org.apache.hadoop.fs.permission.AccessControlException ex) {
        incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
        throw new AuthorizationException(ErrorCode.E0507, appPath, ex.getMessage(), ex);
      }
    } catch (IOException ex) {
      incrCounter(INSTR_FAILED_AUTH_COUNTER, 1);
      throw new AuthorizationException(ErrorCode.E0501, ex.getMessage(), ex);
    } catch (HadoopAccessorException e) {
      throw new AuthorizationException(e);
    }
  }