Search in sources :

Example 1 with AuthorizationService

use of org.apache.oozie.service.AuthorizationService in project oozie by apache.

the class BaseAdminServlet method authorizeRequest.

/**
 * Authorize request.
 *
 * @param request the HttpServletRequest
 * @throws XServletException the x servlet exception
 */
private void authorizeRequest(HttpServletRequest request) throws XServletException {
    try {
        AuthorizationService auth = Services.get().get(AuthorizationService.class);
        auth.authorizeForAdmin(getUser(request), true);
    } catch (AuthorizationException ex) {
        throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
    }
}
Also used : AuthorizationService(org.apache.oozie.service.AuthorizationService) AuthorizationException(org.apache.oozie.service.AuthorizationException)

Example 2 with AuthorizationService

use of org.apache.oozie.service.AuthorizationService in project oozie by apache.

the class BaseJobServlet method checkAuthorizationForApp.

/**
 * Validate the configuration user/group. <p>
 *
 * @param conf configuration.
 * @throws XServletException thrown if the configuration does not have a property {@link
 * org.apache.oozie.client.OozieClient#USER_NAME}.
 */
static void checkAuthorizationForApp(Configuration conf) throws XServletException {
    String user = conf.get(OozieClient.USER_NAME);
    String acl = ConfigUtils.getWithDeprecatedCheck(conf, OozieClient.GROUP_NAME, OozieClient.JOB_ACL, null);
    try {
        if (user == null) {
            throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0401, OozieClient.USER_NAME);
        }
        AuthorizationService auth = Services.get().get(AuthorizationService.class);
        if (acl != null) {
            conf.set(OozieClient.GROUP_NAME, acl);
        } else if (acl == null && auth.useDefaultGroupAsAcl()) {
            acl = auth.getDefaultGroup(user);
            conf.set(OozieClient.GROUP_NAME, acl);
        }
        XLog.Info.get().setParameter(XLogService.GROUP, acl);
        String wfPath = conf.get(OozieClient.APP_PATH);
        String coordPath = conf.get(OozieClient.COORDINATOR_APP_PATH);
        String bundlePath = conf.get(OozieClient.BUNDLE_APP_PATH);
        if (wfPath == null && coordPath == null && bundlePath == null) {
            String[] libPaths = conf.getStrings(XOozieClient.LIBPATH);
            if (libPaths != null && libPaths.length > 0 && libPaths[0].trim().length() > 0) {
                conf.set(OozieClient.APP_PATH, libPaths[0].trim());
                wfPath = libPaths[0].trim();
            } else {
                throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0405);
            }
        }
        ServletUtilities.ValidateAppPath(wfPath, coordPath, bundlePath);
        if (wfPath != null) {
            auth.authorizeForApp(user, acl, wfPath, "workflow.xml", conf);
        } else if (coordPath != null) {
            auth.authorizeForApp(user, acl, coordPath, "coordinator.xml", conf);
        } else if (bundlePath != null) {
            auth.authorizeForApp(user, acl, bundlePath, "bundle.xml", conf);
        }
    } catch (AuthorizationException ex) {
        XLog.getLog(BaseJobServlet.class).info("AuthorizationException ", ex);
        throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
    }
}
Also used : AuthorizationService(org.apache.oozie.service.AuthorizationService) AuthorizationException(org.apache.oozie.service.AuthorizationException)

Example 3 with AuthorizationService

use of org.apache.oozie.service.AuthorizationService in project oozie by apache.

the class BaseJobServlet method doPut.

/**
 * Perform various job related actions - start, suspend, resume, kill, etc.
 */
@Override
protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String jobId = getResourceName(request);
    request.setAttribute(AUDIT_PARAM, jobId);
    request.setAttribute(AUDIT_OPERATION, request.getParameter(RestConstants.ACTION_PARAM));
    try {
        AuthorizationService auth = Services.get().get(AuthorizationService.class);
        auth.authorizeForJob(getUser(request), jobId, true);
    } catch (AuthorizationException ex) {
        throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
    }
    String action = request.getParameter(RestConstants.ACTION_PARAM);
    if (action.equals(RestConstants.JOB_ACTION_START)) {
        stopCron();
        startJob(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.JOB_ACTION_RESUME)) {
        stopCron();
        resumeJob(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.JOB_ACTION_SUSPEND)) {
        stopCron();
        suspendJob(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.JOB_ACTION_KILL)) {
        stopCron();
        JSONObject json = killJob(request, response);
        startCron();
        if (json != null) {
            sendJsonResponse(response, HttpServletResponse.SC_OK, json);
        } else {
            response.setStatus(HttpServletResponse.SC_OK);
        }
    } else if (action.equals(RestConstants.JOB_ACTION_CHANGE)) {
        stopCron();
        changeJob(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.JOB_ACTION_IGNORE)) {
        stopCron();
        JSONObject json = ignoreJob(request, response);
        startCron();
        if (json != null) {
            sendJsonResponse(response, HttpServletResponse.SC_OK, json);
        } else {
            response.setStatus(HttpServletResponse.SC_OK);
        }
    } else if (action.equals(RestConstants.JOB_ACTION_RERUN)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        Configuration conf = new XConfiguration(request.getInputStream());
        stopCron();
        String requestUser = getUser(request);
        if (!requestUser.equals(UNDEF)) {
            conf.set(OozieClient.USER_NAME, requestUser);
        }
        if (conf.get(OozieClient.APP_PATH) != null) {
            BaseJobServlet.checkAuthorizationForApp(conf);
            JobUtils.normalizeAppPath(conf.get(OozieClient.USER_NAME), conf.get(OozieClient.GROUP_NAME), conf);
        }
        reRunJob(request, response, conf);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.JOB_COORD_ACTION_RERUN)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        stopCron();
        JSONObject json = reRunJob(request, response, null);
        startCron();
        if (json != null) {
            sendJsonResponse(response, HttpServletResponse.SC_OK, json);
        } else {
            response.setStatus(HttpServletResponse.SC_OK);
        }
    } else if (action.equals(RestConstants.JOB_BUNDLE_ACTION_RERUN)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        stopCron();
        JSONObject json = reRunJob(request, response, null);
        startCron();
        if (json != null) {
            sendJsonResponse(response, HttpServletResponse.SC_OK, json);
        } else {
            response.setStatus(HttpServletResponse.SC_OK);
        }
    } else if (action.equals(RestConstants.JOB_COORD_UPDATE)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        Configuration conf = new XConfiguration(request.getInputStream());
        stopCron();
        String requestUser = getUser(request);
        if (!requestUser.equals(UNDEF)) {
            conf.set(OozieClient.USER_NAME, requestUser);
        }
        if (conf.get(OozieClient.COORDINATOR_APP_PATH) != null) {
            // If coord is submitted from bundle, user may want to update individual coord job with bundle properties
            // If COORDINATOR_APP_PATH is set, we should check only COORDINATOR_APP_PATH path permission
            String bundlePath = conf.get(OozieClient.BUNDLE_APP_PATH);
            if (bundlePath != null) {
                conf.unset(OozieClient.BUNDLE_APP_PATH);
            }
            BaseJobServlet.checkAuthorizationForApp(conf);
            JobUtils.normalizeAppPath(conf.get(OozieClient.USER_NAME), conf.get(OozieClient.GROUP_NAME), conf);
            if (bundlePath != null) {
                conf.set(OozieClient.BUNDLE_APP_PATH, bundlePath);
            }
        }
        JSONObject json = updateJob(request, response, conf);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else if (action.equals(RestConstants.SLA_ENABLE_ALERT)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        stopCron();
        slaEnableAlert(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.SLA_DISABLE_ALERT)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        stopCron();
        slaDisableAlert(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else if (action.equals(RestConstants.SLA_CHANGE)) {
        validateContentType(request, RestConstants.XML_CONTENT_TYPE);
        stopCron();
        slaChange(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
    } else {
        throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0303, RestConstants.ACTION_PARAM, action);
    }
}
Also used : XConfiguration(org.apache.oozie.util.XConfiguration) JSONObject(org.json.simple.JSONObject) XConfiguration(org.apache.oozie.util.XConfiguration) Configuration(org.apache.hadoop.conf.Configuration) AuthorizationService(org.apache.oozie.service.AuthorizationService) AuthorizationException(org.apache.oozie.service.AuthorizationException)

Example 4 with AuthorizationService

use of org.apache.oozie.service.AuthorizationService in project oozie by apache.

the class BaseJobsServlet method doPut.

/**
 * Perform various job related actions - suspend, resume, kill, etc.
 */
@Override
protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    request.setAttribute(AUDIT_PARAM, request.getParameter(RestConstants.JOBS_FILTER_PARAM));
    request.setAttribute(AUDIT_OPERATION, request.getParameter(RestConstants.ACTION_PARAM));
    try {
        AuthorizationService auth = Services.get().get(AuthorizationService.class);
        String filter = request.getParameter(RestConstants.JOBS_FILTER_PARAM);
        String startStr = request.getParameter(RestConstants.OFFSET_PARAM);
        String lenStr = request.getParameter(RestConstants.LEN_PARAM);
        String jobType = request.getParameter(RestConstants.JOBTYPE_PARAM);
        if (filter == null) {
            throw new IllegalArgumentException("filter params must be specified for bulk write API");
        }
        int start = (startStr != null) ? Integer.parseInt(startStr) : 1;
        start = (start < 1) ? 1 : start;
        int len = (lenStr != null) ? Integer.parseInt(lenStr) : 50;
        len = (len < 1) ? 50 : len;
        auth.authorizeForJobs(getUser(request), JobsFilterUtils.parseFilter(filter), jobType, start, len, true);
    } catch (AuthorizationException ex) {
        throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
    }
    String action = request.getParameter(RestConstants.ACTION_PARAM);
    JSONObject json = null;
    if (action.equals(RestConstants.JOB_ACTION_KILL)) {
        stopCron();
        json = killJobs(request, response);
        startCron();
    } else if (action.equals(RestConstants.JOB_ACTION_RESUME)) {
        stopCron();
        json = resumeJobs(request, response);
        startCron();
    } else if (action.equals(RestConstants.JOB_ACTION_SUSPEND)) {
        stopCron();
        json = suspendJobs(request, response);
        startCron();
    } else {
        throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0303, RestConstants.ACTION_PARAM, action);
    }
    response.setStatus(HttpServletResponse.SC_OK);
    sendJsonResponse(response, HttpServletResponse.SC_OK, json);
}
Also used : JSONObject(org.json.simple.JSONObject) AuthorizationService(org.apache.oozie.service.AuthorizationService) AuthorizationException(org.apache.oozie.service.AuthorizationException)

Example 5 with AuthorizationService

use of org.apache.oozie.service.AuthorizationService in project oozie by apache.

the class BaseJobServlet method doGet.

/**
 * Return information about jobs.
 */
@Override
@SuppressWarnings("unchecked")
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String jobId = getResourceName(request);
    String show = request.getParameter(RestConstants.JOB_SHOW_PARAM);
    String timeZoneId = request.getParameter(RestConstants.TIME_ZONE_PARAM) == null ? "GMT" : request.getParameter(RestConstants.TIME_ZONE_PARAM);
    try {
        AuthorizationService auth = Services.get().get(AuthorizationService.class);
        auth.authorizeForJob(getUser(request), jobId, false);
    } catch (AuthorizationException ex) {
        throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
    }
    if (show == null || show.equals(RestConstants.JOB_SHOW_INFO)) {
        stopCron();
        JsonBean job = null;
        try {
            job = getJob(request, response);
        } catch (BaseEngineException e) {
            throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, e);
        }
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, job, timeZoneId);
    } else if (show.equals(RestConstants.ALL_WORKFLOWS_FOR_COORD_ACTION)) {
        stopCron();
        JSONObject json = getJobsByParentId(request, response);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else if (show.equals(RestConstants.JOB_SHOW_JMS_TOPIC)) {
        stopCron();
        String jmsTopicName = getJMSTopicName(request, response);
        JSONObject json = new JSONObject();
        json.put(JsonTags.JMS_TOPIC_NAME, jmsTopicName);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else if (show.equals(RestConstants.JOB_SHOW_LOG)) {
        response.setContentType(TEXT_UTF8);
        streamJobLog(request, response);
    } else if (show.equals(RestConstants.JOB_SHOW_ERROR_LOG)) {
        response.setContentType(TEXT_UTF8);
        streamJobErrorLog(request, response);
    } else if (show.equals(RestConstants.JOB_SHOW_AUDIT_LOG)) {
        response.setContentType(TEXT_UTF8);
        streamJobAuditLog(request, response);
    } else if (show.equals(RestConstants.JOB_SHOW_DEFINITION)) {
        stopCron();
        response.setContentType(XML_UTF8);
        String wfDefinition = getJobDefinition(request, response);
        startCron();
        response.setStatus(HttpServletResponse.SC_OK);
        response.getWriter().write(wfDefinition);
    } else if (show.equals(RestConstants.JOB_SHOW_GRAPH)) {
        stopCron();
        streamJobGraph(request, response);
        // -- should happen before you stream anything in response?
        startCron();
    } else if (show.equals(RestConstants.JOB_SHOW_STATUS)) {
        stopCron();
        String status = getJobStatus(request, response);
        JSONObject json = new JSONObject();
        json.put(JsonTags.STATUS, status);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else if (show.equals(RestConstants.JOB_SHOW_ACTION_RETRIES_PARAM)) {
        stopCron();
        JSONArray retries = getActionRetries(request, response);
        JSONObject json = new JSONObject();
        json.put(JsonTags.WORKFLOW_ACTION_RETRIES, retries);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else if (show.equals(RestConstants.COORD_ACTION_MISSING_DEPENDENCIES)) {
        stopCron();
        JSONObject json = getCoordActionMissingDependencies(request, response);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else if (show.equals(RestConstants.JOB_SHOW_WF_ACTIONS_IN_COORD)) {
        stopCron();
        JSONObject json = getWfActionByJobIdAndName(request, response);
        startCron();
        sendJsonResponse(response, HttpServletResponse.SC_OK, json);
    } else {
        throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0303, RestConstants.JOB_SHOW_PARAM, show);
    }
}
Also used : JsonBean(org.apache.oozie.client.rest.JsonBean) JSONObject(org.json.simple.JSONObject) AuthorizationService(org.apache.oozie.service.AuthorizationService) AuthorizationException(org.apache.oozie.service.AuthorizationException) BaseEngineException(org.apache.oozie.BaseEngineException) JSONArray(org.json.simple.JSONArray)

Aggregations

AuthorizationException (org.apache.oozie.service.AuthorizationException)5 AuthorizationService (org.apache.oozie.service.AuthorizationService)5 JSONObject (org.json.simple.JSONObject)3 Configuration (org.apache.hadoop.conf.Configuration)1 BaseEngineException (org.apache.oozie.BaseEngineException)1 JsonBean (org.apache.oozie.client.rest.JsonBean)1 XConfiguration (org.apache.oozie.util.XConfiguration)1 JSONArray (org.json.simple.JSONArray)1