/**
* KLUDGE - Until ACL is mandated entity passed should be decorated for equals check to pass.
* existingEntity in config store will have teh decoration and equals check fails if entity passed
* is not decorated for checking if entity already exists.
*
* @param entity entity
*/
private void decorateEntityWithACL(Entity entity) {
if (SecurityUtil.isAuthorizationEnabled() || entity.getACL() != null) {
return; // not necessary to decorate
}
final String proxyUser = CurrentUser.getUser();
final String defaultGroupName = CurrentUser.getPrimaryGroupName();
switch (entity.getEntityType()) {
case CLUSTER:
org.apache.falcon.entity.v0.cluster.ACL clusterACL =
new org.apache.falcon.entity.v0.cluster.ACL();
clusterACL.setOwner(proxyUser);
clusterACL.setGroup(defaultGroupName);
((org.apache.falcon.entity.v0.cluster.Cluster) entity).setACL(clusterACL);
break;
case FEED:
org.apache.falcon.entity.v0.feed.ACL feedACL = new org.apache.falcon.entity.v0.feed.ACL();
feedACL.setOwner(proxyUser);
feedACL.setGroup(defaultGroupName);
((org.apache.falcon.entity.v0.feed.Feed) entity).setACL(feedACL);
break;
case PROCESS:
org.apache.falcon.entity.v0.process.ACL processACL =
new org.apache.falcon.entity.v0.process.ACL();
processACL.setOwner(proxyUser);
processACL.setGroup(defaultGroupName);
((org.apache.falcon.entity.v0.process.Process) entity).setACL(processACL);
break;
default:
break;
}
}
protected boolean isEntityAuthorized(Entity entity) {
try {
SecurityUtil.getAuthorizationProvider()
.authorizeEntity(
entity.getName(),
entity.getEntityType().toString(),
entity.getACL(),
"list",
CurrentUser.getAuthenticatedUGI());
} catch (Exception e) {
LOG.info(
"Authorization failed for entity="
+ entity.getName()
+ " for user="
+ CurrentUser.getUser(),
e);
return false;
}
return true;
}
