Example 1 with AccessControlException
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class PermissionChecker method getPermissionInternal.
/**
* Gets the permission to access an inode path given a user and its groups.
*
* @param user the user
* @param groups the groups this user belongs to
* @param path the inode path
* @param inodeList the list of inodes in the path
* @return the permission
*/
private Mode.Bits getPermissionInternal(String user, List<String> groups, String path, List<Inode<?>> inodeList) {
int size = inodeList.size();
Preconditions.checkArgument(size > 0, PreconditionMessage.EMPTY_FILE_INFO_LIST_FOR_PERMISSION_CHECK);
// bypass checking permission for super user or super group of Alluxio file system.
if (isPrivilegedUser(user, groups)) {
return Mode.Bits.ALL;
}
// traverses from root to the parent dir to all inodes included by this path are executable
for (int i = 0; i < size - 1; i++) {
try {
checkInode(user, groups, inodeList.get(i), Mode.Bits.EXECUTE, path);
} catch (AccessControlException e) {
return Mode.Bits.NONE;
}
}
Inode inode = inodeList.get(inodeList.size() - 1);
if (inode == null) {
return Mode.Bits.NONE;
}
Mode.Bits mode = Mode.Bits.NONE;
short permission = inode.getMode();
if (user.equals(inode.getOwner())) {
mode = mode.or(Mode.extractOwnerBits(permission));
}
if (groups.contains(inode.getGroup())) {
mode = mode.or(Mode.extractGroupBits(permission));
}
mode = mode.or(Mode.extractOtherBits(permission));
return mode;
}
Also used :
Inode(alluxio.master.file.meta.Inode)
Mode(alluxio.security.authorization.Mode)
AccessControlException(alluxio.exception.AccessControlException)
Example 2 with AccessControlException
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class WebInterfaceBrowseServlet method doGet.
/**
* Populates attribute fields with data from the MasterInfo associated with this servlet. Errors
* will be displayed in an error field. Debugging can be enabled to display additional data. Will
* eventually redirect the request to a jsp.
*
* @param request the {@link HttpServletRequest} object
* @param response the {@link HttpServletResponse} object
* @throws ServletException if the target resource throws this exception
* @throws IOException if the target resource throws this exception
*/
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (SecurityUtils.isSecurityEnabled() && AuthenticatedClientUser.get() == null) {
AuthenticatedClientUser.set(LoginUser.get().getName());
}
request.setAttribute("debug", Configuration.getBoolean(PropertyKey.DEBUG));
request.setAttribute("showPermissions", Configuration.getBoolean(PropertyKey.SECURITY_AUTHORIZATION_PERMISSION_ENABLED));
request.setAttribute("masterNodeAddress", mMaster.getRpcAddress().toString());
request.setAttribute("invalidPathError", "");
List<FileInfo> filesInfo;
String requestPath = request.getParameter("path");
if (requestPath == null || requestPath.isEmpty()) {
requestPath = AlluxioURI.SEPARATOR;
}
AlluxioURI currentPath = new AlluxioURI(requestPath);
request.setAttribute("currentPath", currentPath.toString());
request.setAttribute("viewingOffset", 0);
try {
long fileId = mMaster.getFileSystemMaster().getFileId(currentPath);
FileInfo fileInfo = mMaster.getFileSystemMaster().getFileInfo(fileId);
UIFileInfo currentFileInfo = new UIFileInfo(fileInfo);
if (currentFileInfo.getAbsolutePath() == null) {
throw new FileDoesNotExistException(currentPath.toString());
}
request.setAttribute("currentDirectory", currentFileInfo);
request.setAttribute("blockSizeBytes", currentFileInfo.getBlockSizeBytes());
if (!currentFileInfo.getIsDirectory()) {
String offsetParam = request.getParameter("offset");
long relativeOffset = 0;
long offset;
try {
if (offsetParam != null) {
relativeOffset = Long.parseLong(offsetParam);
}
} catch (NumberFormatException e) {
relativeOffset = 0;
}
String endParam = request.getParameter("end");
// relative to the end of the file.
if (endParam == null) {
offset = relativeOffset;
} else {
offset = fileInfo.getLength() - relativeOffset;
}
if (offset < 0) {
offset = 0;
} else if (offset > fileInfo.getLength()) {
offset = fileInfo.getLength();
}
try {
displayFile(new AlluxioURI(currentFileInfo.getAbsolutePath()), request, offset);
} catch (AlluxioException e) {
throw new IOException(e);
}
request.setAttribute("viewingOffset", offset);
getServletContext().getRequestDispatcher("/viewFile.jsp").forward(request, response);
return;
}
setPathDirectories(currentPath, request);
filesInfo = mMaster.getFileSystemMaster().listStatus(currentPath, ListStatusOptions.defaults().setLoadMetadataType(LoadMetadataType.Always));
} catch (FileDoesNotExistException e) {
request.setAttribute("invalidPathError", "Error: Invalid Path " + e.getMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
} catch (InvalidPathException e) {
request.setAttribute("invalidPathError", "Error: Invalid Path " + e.getLocalizedMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
} catch (IOException e) {
request.setAttribute("invalidPathError", "Error: File " + currentPath + " is not available " + e.getMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
} catch (AccessControlException e) {
request.setAttribute("invalidPathError", "Error: File " + currentPath + " cannot be accessed " + e.getMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
}
List<UIFileInfo> fileInfos = new ArrayList<>(filesInfo.size());
for (FileInfo fileInfo : filesInfo) {
UIFileInfo toAdd = new UIFileInfo(fileInfo);
try {
if (!toAdd.getIsDirectory() && fileInfo.getLength() > 0) {
FileBlockInfo blockInfo = mMaster.getFileSystemMaster().getFileBlockInfoList(new AlluxioURI(toAdd.getAbsolutePath())).get(0);
List<String> locations = new ArrayList<>();
// add the in-memory block locations
for (BlockLocation location : blockInfo.getBlockInfo().getLocations()) {
WorkerNetAddress address = location.getWorkerAddress();
locations.add(address.getHost() + ":" + address.getDataPort());
}
// add underFS locations
locations.addAll(blockInfo.getUfsLocations());
toAdd.setFileLocations(locations);
}
} catch (FileDoesNotExistException e) {
request.setAttribute("FileDoesNotExistException", "Error: non-existing file " + e.getMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
} catch (InvalidPathException e) {
request.setAttribute("InvalidPathException", "Error: invalid path " + e.getMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
} catch (AccessControlException e) {
request.setAttribute("AccessControlException", "Error: File " + currentPath + " cannot be accessed " + e.getMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
}
fileInfos.add(toAdd);
}
Collections.sort(fileInfos, UIFileInfo.PATH_STRING_COMPARE);
request.setAttribute("nTotalFile", fileInfos.size());
// URL can not determine offset and limit, let javascript in jsp determine and redirect
if (request.getParameter("offset") == null && request.getParameter("limit") == null) {
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
}
try {
int offset = Integer.parseInt(request.getParameter("offset"));
int limit = Integer.parseInt(request.getParameter("limit"));
List<UIFileInfo> sub = fileInfos.subList(offset, offset + limit);
request.setAttribute("fileInfos", sub);
} catch (NumberFormatException e) {
request.setAttribute("fatalError", "Error: offset or limit parse error, " + e.getLocalizedMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
} catch (IndexOutOfBoundsException e) {
request.setAttribute("fatalError", "Error: offset or offset + limit is out of bound, " + e.getLocalizedMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
} catch (IllegalArgumentException e) {
request.setAttribute("fatalError", e.getLocalizedMessage());
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
return;
}
getServletContext().getRequestDispatcher("/browse.jsp").forward(request, response);
}
Also used :
FileDoesNotExistException(alluxio.exception.FileDoesNotExistException)
ArrayList(java.util.ArrayList)
AccessControlException(alluxio.exception.AccessControlException)
IOException(java.io.IOException)
FileBlockInfo(alluxio.wire.FileBlockInfo)
BlockLocation(alluxio.wire.BlockLocation)
InvalidPathException(alluxio.exception.InvalidPathException)
FileInfo(alluxio.wire.FileInfo)
WorkerNetAddress(alluxio.wire.WorkerNetAddress)
AlluxioURI(alluxio.AlluxioURI)
AlluxioException(alluxio.exception.AlluxioException)
Example 3 with AccessControlException
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class ReadOnlyMountIntegrationTest method renameFile.
@Test
public void renameFile() throws IOException, AlluxioException {
AlluxioURI srcUri = new AlluxioURI(FILE_PATH);
AlluxioURI dstUri = new AlluxioURI(FILE_PATH + "_renamed");
try {
mFileSystem.rename(srcUri, dstUri);
Assert.fail("rename should not succeed under a readonly mount.");
} catch (AccessControlException e) {
Assert.assertEquals(e.getMessage(), ExceptionMessage.MOUNT_READONLY.getMessage(srcUri, MOUNT_PATH));
}
srcUri = new AlluxioURI(SUB_FILE_PATH);
dstUri = new AlluxioURI(SUB_FILE_PATH + "_renamed");
try {
mFileSystem.rename(srcUri, dstUri);
Assert.fail("rename should not succeed under a readonly mount.");
} catch (AccessControlException e) {
Assert.assertEquals(e.getMessage(), ExceptionMessage.MOUNT_READONLY.getMessage(srcUri, MOUNT_PATH));
}
}
Also used :
AccessControlException(alluxio.exception.AccessControlException)
AlluxioURI(alluxio.AlluxioURI)
Test(org.junit.Test)
Example 4 with AccessControlException
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class ReadOnlyMountIntegrationTest method createFile.
@Test
public void createFile() throws IOException, AlluxioException {
CreateFileOptions writeBoth = CreateFileOptions.defaults().setWriteType(WriteType.CACHE_THROUGH);
AlluxioURI uri = new AlluxioURI(FILE_PATH + "_create");
try {
mFileSystem.createFile(uri, writeBoth).close();
Assert.fail("createFile should not succeed under a readonly mount.");
} catch (AccessControlException e) {
Assert.assertEquals(e.getMessage(), ExceptionMessage.MOUNT_READONLY.getMessage(uri, MOUNT_PATH));
}
uri = new AlluxioURI(SUB_FILE_PATH + "_create");
try {
mFileSystem.createFile(uri, writeBoth).close();
Assert.fail("createFile should not succeed under a readonly mount.");
} catch (AccessControlException e) {
Assert.assertEquals(e.getMessage(), ExceptionMessage.MOUNT_READONLY.getMessage(uri, MOUNT_PATH));
}
}
Also used :
CreateFileOptions(alluxio.client.file.options.CreateFileOptions)
AccessControlException(alluxio.exception.AccessControlException)
AlluxioURI(alluxio.AlluxioURI)
Test(org.junit.Test)
Example 5 with AccessControlException
use of alluxio.exception.AccessControlException in project alluxio by Alluxio.
the class ReadOnlyMountIntegrationTest method createDirectory.
@Test
public void createDirectory() throws IOException, AlluxioException {
AlluxioURI uri = new AlluxioURI(PathUtils.concatPath(MOUNT_PATH, "create"));
try {
mFileSystem.createDirectory(uri);
Assert.fail("createDirectory should not succeed under a readonly mount.");
} catch (AccessControlException e) {
Assert.assertEquals(e.getMessage(), ExceptionMessage.MOUNT_READONLY.getMessage(uri, MOUNT_PATH));
}
uri = new AlluxioURI(PathUtils.concatPath(SUB_DIR_PATH, "create"));
try {
mFileSystem.createDirectory(uri);
Assert.fail("createDirectory should not succeed under a readonly mount.");
} catch (AccessControlException e) {
Assert.assertEquals(e.getMessage(), ExceptionMessage.MOUNT_READONLY.getMessage(uri, MOUNT_PATH));
}
}
Also used :
AccessControlException(alluxio.exception.AccessControlException)
AlluxioURI(alluxio.AlluxioURI)
Test(org.junit.Test)
Aggregations
AccessControlException (alluxio.exception.AccessControlException)64
AlluxioURI (alluxio.AlluxioURI)29
LockedInodePath (alluxio.master.file.meta.LockedInodePath)21
Test (org.junit.Test)21
FileDoesNotExistException (alluxio.exception.FileDoesNotExistException)16
LockingScheme (alluxio.master.file.meta.LockingScheme)15
InvalidPathException (alluxio.exception.InvalidPathException)12
BaseIntegrationTest (alluxio.testutils.BaseIntegrationTest)11
IOException (java.io.IOException)11
ArrayList (java.util.ArrayList)10
Inode (alluxio.master.file.meta.Inode)9
MountTable (alluxio.master.file.meta.MountTable)7
FileInfo (alluxio.wire.FileInfo)7
AlluxioException (alluxio.exception.AlluxioException)4
LockedInodePathList (alluxio.master.file.meta.LockedInodePathList)4
Mode (alluxio.security.authorization.Mode)4
UnderFileSystem (alluxio.underfs.UnderFileSystem)4
FileBlockInfo (alluxio.wire.FileBlockInfo)4
DescendantType (alluxio.file.options.DescendantType)3
FileSystemMasterCommonPOptions (alluxio.grpc.FileSystemMasterCommonPOptions)3
