minor, refine acl
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/d91f5229 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/d91f5229 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/d91f5229 Branch: refs/heads/master Commit: d91f522904424f59d817bbcde10c47cc68f04d9d Parents: 3ae8ca7 Author: Roger Shi <rogershijich...@hotmail.com> Authored: Fri Jun 30 20:52:03 2017 +0800 Committer: Hongbin Ma <m...@kyligence.io> Committed: Fri Jun 30 20:57:18 2017 +0800 ---------------------------------------------------------------------- .../hbase/ITAclTableMigrationToolTest.java | 10 ++-- .../rest/controller2/ProjectControllerV2.java | 4 ++ .../org/apache/kylin/rest/msg/CnMessage.java | 2 +- .../java/org/apache/kylin/rest/msg/Message.java | 2 +- .../apache/kylin/rest/security/ManagedUser.java | 54 +++++++++++++++++--- .../rest/service/AclTableMigrationTool.java | 2 +- .../kylin/rest/service/ServiceTestBase.java | 10 ++-- tool-assembly/pom.xml | 1 + tool/pom.xml | 12 +++++ 9 files changed, 79 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/kylin-it/src/test/java/org/apache/kylin/storage/hbase/ITAclTableMigrationToolTest.java ---------------------------------------------------------------------- diff --git a/kylin-it/src/test/java/org/apache/kylin/storage/hbase/ITAclTableMigrationToolTest.java b/kylin-it/src/test/java/org/apache/kylin/storage/hbase/ITAclTableMigrationToolTest.java index 2cb671e..05f437d 100644 --- a/kylin-it/src/test/java/org/apache/kylin/storage/hbase/ITAclTableMigrationToolTest.java +++ b/kylin-it/src/test/java/org/apache/kylin/storage/hbase/ITAclTableMigrationToolTest.java @@ -44,7 +44,6 @@ import org.apache.kylin.common.util.Pair; import org.apache.kylin.rest.security.AclConstant; import org.apache.kylin.rest.service.AclService; import org.apache.kylin.rest.service.AclTableMigrationTool; -import org.apache.kylin.rest.service.UserGrantedAuthority; import org.apache.kylin.rest.service.UserService; import org.apache.kylin.rest.util.Serializer; import org.junit.After; @@ -53,6 +52,7 @@ import org.junit.Test; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import com.fasterxml.jackson.core.JsonProcessingException; @@ -70,7 +70,7 @@ public class ITAclTableMigrationToolTest extends HBaseMetadataTestCase { private TableName userTable = TableName.valueOf(STORE_WITH_OLD_TABLE + AclConstant.USER_TABLE_NAME); - private Serializer<UserGrantedAuthority[]> ugaSerializer = new Serializer<UserGrantedAuthority[]>(UserGrantedAuthority[].class); + private Serializer<SimpleGrantedAuthority[]> ugaSerializer = new Serializer<>(SimpleGrantedAuthority[].class); private AclTableMigrationTool aclTableMigrationJob; @@ -192,13 +192,13 @@ public class ITAclTableMigrationToolTest extends HBaseMetadataTestCase { if (authorities == null) authorities = Collections.emptyList(); - UserGrantedAuthority[] serializing = new UserGrantedAuthority[authorities.size() + 1]; + SimpleGrantedAuthority[] serializing = new SimpleGrantedAuthority[authorities.size() + 1]; // password is stored as the [0] authority - serializing[0] = new UserGrantedAuthority(AclConstant.PWD_PREFIX + "password"); + serializing[0] = new SimpleGrantedAuthority(AclConstant.PWD_PREFIX + "password"); int i = 1; for (GrantedAuthority a : authorities) { - serializing[i++] = new UserGrantedAuthority(a.getAuthority()); + serializing[i++] = new SimpleGrantedAuthority(a.getAuthority()); } byte[] value = ugaSerializer.serialize(serializing); http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/server-base/src/main/java/org/apache/kylin/rest/controller2/ProjectControllerV2.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller2/ProjectControllerV2.java b/server-base/src/main/java/org/apache/kylin/rest/controller2/ProjectControllerV2.java index a25e5b1..d6ac8f2 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller2/ProjectControllerV2.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller2/ProjectControllerV2.java @@ -142,6 +142,10 @@ public class ProjectControllerV2 extends BasicController { if (projectDesc.getName().equals(currentProject.getName())) { updatedProj = projectService.updateProject(projectDesc, currentProject); } else { + if (!isProjectEmpty(formerProjectName)) { + throw new BadRequestException(msg.getDELETE_PROJECT_NOT_EMPTY()); + } + // disable project rename updatedProj = projectService.renameProject(projectDesc, currentProject); } return new EnvelopeResponse(ResponseCode.CODE_SUCCESS, updatedProj, ""); http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/server-base/src/main/java/org/apache/kylin/rest/msg/CnMessage.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/msg/CnMessage.java b/server-base/src/main/java/org/apache/kylin/rest/msg/CnMessage.java index a828aa0..e086b68 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/msg/CnMessage.java +++ b/server-base/src/main/java/org/apache/kylin/rest/msg/CnMessage.java @@ -246,7 +246,7 @@ public class CnMessage extends Message { } public String getDELETE_PROJECT_NOT_EMPTY() { - return "ä¸è½å é¤è¯¥é¡¹ç®ï¼å¦éè¦å é¤è¯·å æ¸ ç©ºå ¶ä¸çCubeåModel"; + return "ä¸è½ä¿®æ¹è¯¥é¡¹ç®ï¼å¦éè¦ä¿®æ¹è¯·å æ¸ ç©ºå ¶ä¸çCubeåModel"; } public String getRENAME_PROJECT_NOT_EMPTY() { http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/server-base/src/main/java/org/apache/kylin/rest/msg/Message.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/msg/Message.java b/server-base/src/main/java/org/apache/kylin/rest/msg/Message.java index 45c1a65..f48a217 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/msg/Message.java +++ b/server-base/src/main/java/org/apache/kylin/rest/msg/Message.java @@ -246,7 +246,7 @@ public class Message { } public String getDELETE_PROJECT_NOT_EMPTY() { - return "Cannot delete non-empty project"; + return "Cannot modify non-empty project"; } // Table http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/server-base/src/main/java/org/apache/kylin/rest/security/ManagedUser.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/security/ManagedUser.java b/server-base/src/main/java/org/apache/kylin/rest/security/ManagedUser.java index 280339e..69326a7 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/security/ManagedUser.java +++ b/server-base/src/main/java/org/apache/kylin/rest/security/ManagedUser.java @@ -18,6 +18,7 @@ package org.apache.kylin.rest.security; +import java.io.IOException; import java.util.Collection; import java.util.Iterator; import java.util.List; @@ -25,10 +26,20 @@ import java.util.List; import org.apache.kylin.common.persistence.RootPersistentEntity; import org.apache.kylin.rest.service.UserGrantedAuthority; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import com.fasterxml.jackson.annotation.JsonAutoDetect; import com.fasterxml.jackson.annotation.JsonProperty; +import com.fasterxml.jackson.core.JsonGenerator; +import com.fasterxml.jackson.core.JsonParser; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.DeserializationContext; +import com.fasterxml.jackson.databind.JsonDeserializer; +import com.fasterxml.jackson.databind.JsonSerializer; +import com.fasterxml.jackson.databind.SerializerProvider; +import com.fasterxml.jackson.databind.annotation.JsonDeserialize; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.google.common.collect.Lists; @SuppressWarnings("serial") @@ -40,7 +51,9 @@ public class ManagedUser extends RootPersistentEntity implements UserDetails { @JsonProperty private String password; @JsonProperty - private List<UserGrantedAuthority> authorities = Lists.newArrayList(); + @JsonSerialize(using = SimpleGrantedAuthoritySerializer.class) + @JsonDeserialize(using = SimpleGrantedAuthorityDeserializer.class) + private List<SimpleGrantedAuthority> authorities = Lists.newArrayList(); @JsonProperty private boolean disabled = false; @JsonProperty @@ -60,7 +73,7 @@ public class ManagedUser extends RootPersistentEntity implements UserDetails { } public ManagedUser(@JsonProperty String username, @JsonProperty String password, - @JsonProperty List<UserGrantedAuthority> authorities, @JsonProperty boolean disabled, + @JsonProperty List<SimpleGrantedAuthority> authorities, @JsonProperty boolean disabled, @JsonProperty boolean defaultPassword, @JsonProperty boolean locked, @JsonProperty long lockedTime, @JsonProperty int wrongTime) { this.username = username; @@ -82,7 +95,7 @@ public class ManagedUser extends RootPersistentEntity implements UserDetails { this.authorities = Lists.newArrayList(); for (String a : authoritiesStr) { - authorities.add(new UserGrantedAuthority(a)); + authorities.add(new SimpleGrantedAuthority(a)); } caterLegacy(); @@ -116,7 +129,7 @@ public class ManagedUser extends RootPersistentEntity implements UserDetails { } private void caterLegacy() { - Iterator<UserGrantedAuthority> iterator = authorities.iterator(); + Iterator<SimpleGrantedAuthority> iterator = authorities.iterator(); while (iterator.hasNext()) { if (DISABLED_ROLE.equals(iterator.next().getAuthority())) { iterator.remove(); @@ -125,14 +138,14 @@ public class ManagedUser extends RootPersistentEntity implements UserDetails { } } - public List<UserGrantedAuthority> getAuthorities() { + public List<SimpleGrantedAuthority> getAuthorities() { return this.authorities; } public void setGrantedAuthorities(Collection<? extends GrantedAuthority> grantedAuthorities) { this.authorities = Lists.newArrayList(); for (GrantedAuthority grantedAuthority : grantedAuthorities) { - this.authorities.add(new UserGrantedAuthority(grantedAuthority.getAuthority())); + this.authorities.add(new SimpleGrantedAuthority(grantedAuthority.getAuthority())); } } @@ -228,4 +241,33 @@ public class ManagedUser extends RootPersistentEntity implements UserDetails { public String toString() { return "ManagedUser [username=" + username + ", authorities=" + authorities + "]"; } + + private static class SimpleGrantedAuthoritySerializer extends JsonSerializer<List<SimpleGrantedAuthority>> { + + @Override + public void serialize(List<SimpleGrantedAuthority> value, JsonGenerator gen, SerializerProvider serializers) + throws IOException, JsonProcessingException { + List<UserGrantedAuthority> ugaList = Lists.newArrayList(); + for (SimpleGrantedAuthority sga : value) { + ugaList.add(new UserGrantedAuthority(sga.getAuthority())); + } + + gen.writeObject(ugaList); + } + } + + private static class SimpleGrantedAuthorityDeserializer extends JsonDeserializer<List<SimpleGrantedAuthority>> { + + @Override + public List<SimpleGrantedAuthority> deserialize(JsonParser p, DeserializationContext ctxt) + throws IOException, JsonProcessingException { + UserGrantedAuthority[] ugaArray = p.readValueAs(UserGrantedAuthority[].class); + List<SimpleGrantedAuthority> sgaList = Lists.newArrayList(); + for (UserGrantedAuthority uga : ugaArray) { + sgaList.add(new SimpleGrantedAuthority(uga.getAuthority())); + } + + return sgaList; + } + } } http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/server-base/src/main/java/org/apache/kylin/rest/service/AclTableMigrationTool.java ---------------------------------------------------------------------- diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/AclTableMigrationTool.java b/server-base/src/main/java/org/apache/kylin/rest/service/AclTableMigrationTool.java index 64bac23..029efdc 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/AclTableMigrationTool.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/AclTableMigrationTool.java @@ -193,7 +193,7 @@ public class AclTableMigrationTool { } private DomainObjectInfo getDomainObjectInfoFromRs(Result result) { - String type = String.valueOf(result.getValue(Bytes.toBytes(AclConstant.ACL_INFO_FAMILY), + String type = new String(result.getValue(Bytes.toBytes(AclConstant.ACL_INFO_FAMILY), Bytes.toBytes(AclConstant.ACL_INFO_FAMILY_TYPE_COLUMN))); String id = new String(result.getRow()); DomainObjectInfo newInfo = new DomainObjectInfo(); http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/server/src/test/java/org/apache/kylin/rest/service/ServiceTestBase.java ---------------------------------------------------------------------- diff --git a/server/src/test/java/org/apache/kylin/rest/service/ServiceTestBase.java b/server/src/test/java/org/apache/kylin/rest/service/ServiceTestBase.java index 1d60a53..e2f5258 100644 --- a/server/src/test/java/org/apache/kylin/rest/service/ServiceTestBase.java +++ b/server/src/test/java/org/apache/kylin/rest/service/ServiceTestBase.java @@ -35,6 +35,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; @@ -72,18 +73,19 @@ public class ServiceTestBase extends LocalFileMetadataTestCase { if (!userService.userExists("ADMIN")) { userService.createUser(new ManagedUser("ADMIN", "KYLIN", false, Arrays.asList(// - new UserGrantedAuthority(Constant.ROLE_ADMIN), new UserGrantedAuthority(Constant.ROLE_ANALYST), - new UserGrantedAuthority(Constant.ROLE_MODELER)))); + new SimpleGrantedAuthority(Constant.ROLE_ADMIN), new SimpleGrantedAuthority(Constant.ROLE_ANALYST), + new SimpleGrantedAuthority(Constant.ROLE_MODELER)))); } if (!userService.userExists("MODELER")) { userService.createUser(new ManagedUser("MODELER", "MODELER", false, Arrays.asList(// - new UserGrantedAuthority(Constant.ROLE_ANALYST), new UserGrantedAuthority(Constant.ROLE_MODELER)))); + new SimpleGrantedAuthority(Constant.ROLE_ANALYST), + new SimpleGrantedAuthority(Constant.ROLE_MODELER)))); } if (!userService.userExists("ANALYST")) { userService.createUser(new ManagedUser("ANALYST", "ANALYST", false, Arrays.asList(// - new UserGrantedAuthority(Constant.ROLE_ANALYST)))); + new SimpleGrantedAuthority(Constant.ROLE_ANALYST)))); } } http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/tool-assembly/pom.xml ---------------------------------------------------------------------- diff --git a/tool-assembly/pom.xml b/tool-assembly/pom.xml index 0595bdd..df0725b 100644 --- a/tool-assembly/pom.xml +++ b/tool-assembly/pom.xml @@ -104,6 +104,7 @@ <include>org.apache.kylin:*</include> <include>org.springframework.security:spring-security-core</include> <include>org.springframework.security:spring-security-acl</include> + <include>org.springframework:spring-core</include> </includes> </artifactSet> <relocations> http://git-wip-us.apache.org/repos/asf/kylin/blob/d91f5229/tool/pom.xml ---------------------------------------------------------------------- diff --git a/tool/pom.xml b/tool/pom.xml index cced5d2..06a7e5a 100644 --- a/tool/pom.xml +++ b/tool/pom.xml @@ -32,6 +32,10 @@ <version>2.1.0-SNAPSHOT</version> </parent> + <properties> + <spring.framework.version>4.2.8.RELEASE</spring.framework.version> + </properties> + <dependencies> <dependency> <groupId>org.apache.kylin</groupId> @@ -72,6 +76,14 @@ <scope>provided</scope> </dependency> + <!--Spring--> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-core</artifactId> + <version>${spring.framework.version}</version> + <scope>compile</scope> + </dependency> + <!-- Env & Test --> <dependency> <groupId>org.apache.kylin</groupId>
