use of org.apache.oozie.service.AuthorizationService in project oozie by apache.
the class BaseAdminServlet method authorizeRequest.
/**
* Authorize request.
*
* @param request the HttpServletRequest
* @throws XServletException the x servlet exception
*/
private void authorizeRequest(HttpServletRequest request) throws XServletException {
try {
AuthorizationService auth = Services.get().get(AuthorizationService.class);
auth.authorizeForAdmin(getUser(request), true);
} catch (AuthorizationException ex) {
throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
}
}
use of org.apache.oozie.service.AuthorizationService in project oozie by apache.
the class BaseJobServlet method checkAuthorizationForApp.
/**
* Validate the configuration user/group. <p>
*
* @param conf configuration.
* @throws XServletException thrown if the configuration does not have a property {@link
* org.apache.oozie.client.OozieClient#USER_NAME}.
*/
static void checkAuthorizationForApp(Configuration conf) throws XServletException {
String user = conf.get(OozieClient.USER_NAME);
String acl = ConfigUtils.getWithDeprecatedCheck(conf, OozieClient.GROUP_NAME, OozieClient.JOB_ACL, null);
try {
if (user == null) {
throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0401, OozieClient.USER_NAME);
}
AuthorizationService auth = Services.get().get(AuthorizationService.class);
if (acl != null) {
conf.set(OozieClient.GROUP_NAME, acl);
} else if (acl == null && auth.useDefaultGroupAsAcl()) {
acl = auth.getDefaultGroup(user);
conf.set(OozieClient.GROUP_NAME, acl);
}
XLog.Info.get().setParameter(XLogService.GROUP, acl);
String wfPath = conf.get(OozieClient.APP_PATH);
String coordPath = conf.get(OozieClient.COORDINATOR_APP_PATH);
String bundlePath = conf.get(OozieClient.BUNDLE_APP_PATH);
if (wfPath == null && coordPath == null && bundlePath == null) {
String[] libPaths = conf.getStrings(XOozieClient.LIBPATH);
if (libPaths != null && libPaths.length > 0 && libPaths[0].trim().length() > 0) {
conf.set(OozieClient.APP_PATH, libPaths[0].trim());
wfPath = libPaths[0].trim();
} else {
throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0405);
}
}
ServletUtilities.ValidateAppPath(wfPath, coordPath, bundlePath);
if (wfPath != null) {
auth.authorizeForApp(user, acl, wfPath, "workflow.xml", conf);
} else if (coordPath != null) {
auth.authorizeForApp(user, acl, coordPath, "coordinator.xml", conf);
} else if (bundlePath != null) {
auth.authorizeForApp(user, acl, bundlePath, "bundle.xml", conf);
}
} catch (AuthorizationException ex) {
XLog.getLog(BaseJobServlet.class).info("AuthorizationException ", ex);
throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
}
}
use of org.apache.oozie.service.AuthorizationService in project oozie by apache.
the class BaseJobServlet method doPut.
/**
* Perform various job related actions - start, suspend, resume, kill, etc.
*/
@Override
protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String jobId = getResourceName(request);
request.setAttribute(AUDIT_PARAM, jobId);
request.setAttribute(AUDIT_OPERATION, request.getParameter(RestConstants.ACTION_PARAM));
try {
AuthorizationService auth = Services.get().get(AuthorizationService.class);
auth.authorizeForJob(getUser(request), jobId, true);
} catch (AuthorizationException ex) {
throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
}
String action = request.getParameter(RestConstants.ACTION_PARAM);
if (action.equals(RestConstants.JOB_ACTION_START)) {
stopCron();
startJob(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.JOB_ACTION_RESUME)) {
stopCron();
resumeJob(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.JOB_ACTION_SUSPEND)) {
stopCron();
suspendJob(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.JOB_ACTION_KILL)) {
stopCron();
JSONObject json = killJob(request, response);
startCron();
if (json != null) {
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else {
response.setStatus(HttpServletResponse.SC_OK);
}
} else if (action.equals(RestConstants.JOB_ACTION_CHANGE)) {
stopCron();
changeJob(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.JOB_ACTION_IGNORE)) {
stopCron();
JSONObject json = ignoreJob(request, response);
startCron();
if (json != null) {
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else {
response.setStatus(HttpServletResponse.SC_OK);
}
} else if (action.equals(RestConstants.JOB_ACTION_RERUN)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
Configuration conf = new XConfiguration(request.getInputStream());
stopCron();
String requestUser = getUser(request);
if (!requestUser.equals(UNDEF)) {
conf.set(OozieClient.USER_NAME, requestUser);
}
if (conf.get(OozieClient.APP_PATH) != null) {
BaseJobServlet.checkAuthorizationForApp(conf);
JobUtils.normalizeAppPath(conf.get(OozieClient.USER_NAME), conf.get(OozieClient.GROUP_NAME), conf);
}
reRunJob(request, response, conf);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.JOB_COORD_ACTION_RERUN)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
stopCron();
JSONObject json = reRunJob(request, response, null);
startCron();
if (json != null) {
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else {
response.setStatus(HttpServletResponse.SC_OK);
}
} else if (action.equals(RestConstants.JOB_BUNDLE_ACTION_RERUN)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
stopCron();
JSONObject json = reRunJob(request, response, null);
startCron();
if (json != null) {
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else {
response.setStatus(HttpServletResponse.SC_OK);
}
} else if (action.equals(RestConstants.JOB_COORD_UPDATE)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
Configuration conf = new XConfiguration(request.getInputStream());
stopCron();
String requestUser = getUser(request);
if (!requestUser.equals(UNDEF)) {
conf.set(OozieClient.USER_NAME, requestUser);
}
if (conf.get(OozieClient.COORDINATOR_APP_PATH) != null) {
// If coord is submitted from bundle, user may want to update individual coord job with bundle properties
// If COORDINATOR_APP_PATH is set, we should check only COORDINATOR_APP_PATH path permission
String bundlePath = conf.get(OozieClient.BUNDLE_APP_PATH);
if (bundlePath != null) {
conf.unset(OozieClient.BUNDLE_APP_PATH);
}
BaseJobServlet.checkAuthorizationForApp(conf);
JobUtils.normalizeAppPath(conf.get(OozieClient.USER_NAME), conf.get(OozieClient.GROUP_NAME), conf);
if (bundlePath != null) {
conf.set(OozieClient.BUNDLE_APP_PATH, bundlePath);
}
}
JSONObject json = updateJob(request, response, conf);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else if (action.equals(RestConstants.SLA_ENABLE_ALERT)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
stopCron();
slaEnableAlert(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.SLA_DISABLE_ALERT)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
stopCron();
slaDisableAlert(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else if (action.equals(RestConstants.SLA_CHANGE)) {
validateContentType(request, RestConstants.XML_CONTENT_TYPE);
stopCron();
slaChange(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
} else {
throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0303, RestConstants.ACTION_PARAM, action);
}
}
use of org.apache.oozie.service.AuthorizationService in project oozie by apache.
the class BaseJobsServlet method doPut.
/**
* Perform various job related actions - suspend, resume, kill, etc.
*/
@Override
protected void doPut(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
request.setAttribute(AUDIT_PARAM, request.getParameter(RestConstants.JOBS_FILTER_PARAM));
request.setAttribute(AUDIT_OPERATION, request.getParameter(RestConstants.ACTION_PARAM));
try {
AuthorizationService auth = Services.get().get(AuthorizationService.class);
String filter = request.getParameter(RestConstants.JOBS_FILTER_PARAM);
String startStr = request.getParameter(RestConstants.OFFSET_PARAM);
String lenStr = request.getParameter(RestConstants.LEN_PARAM);
String jobType = request.getParameter(RestConstants.JOBTYPE_PARAM);
if (filter == null) {
throw new IllegalArgumentException("filter params must be specified for bulk write API");
}
int start = (startStr != null) ? Integer.parseInt(startStr) : 1;
start = (start < 1) ? 1 : start;
int len = (lenStr != null) ? Integer.parseInt(lenStr) : 50;
len = (len < 1) ? 50 : len;
auth.authorizeForJobs(getUser(request), JobsFilterUtils.parseFilter(filter), jobType, start, len, true);
} catch (AuthorizationException ex) {
throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
}
String action = request.getParameter(RestConstants.ACTION_PARAM);
JSONObject json = null;
if (action.equals(RestConstants.JOB_ACTION_KILL)) {
stopCron();
json = killJobs(request, response);
startCron();
} else if (action.equals(RestConstants.JOB_ACTION_RESUME)) {
stopCron();
json = resumeJobs(request, response);
startCron();
} else if (action.equals(RestConstants.JOB_ACTION_SUSPEND)) {
stopCron();
json = suspendJobs(request, response);
startCron();
} else {
throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0303, RestConstants.ACTION_PARAM, action);
}
response.setStatus(HttpServletResponse.SC_OK);
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
}
use of org.apache.oozie.service.AuthorizationService in project oozie by apache.
the class BaseJobServlet method doGet.
/**
* Return information about jobs.
*/
@Override
@SuppressWarnings("unchecked")
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String jobId = getResourceName(request);
String show = request.getParameter(RestConstants.JOB_SHOW_PARAM);
String timeZoneId = request.getParameter(RestConstants.TIME_ZONE_PARAM) == null ? "GMT" : request.getParameter(RestConstants.TIME_ZONE_PARAM);
try {
AuthorizationService auth = Services.get().get(AuthorizationService.class);
auth.authorizeForJob(getUser(request), jobId, false);
} catch (AuthorizationException ex) {
throw new XServletException(HttpServletResponse.SC_UNAUTHORIZED, ex);
}
if (show == null || show.equals(RestConstants.JOB_SHOW_INFO)) {
stopCron();
JsonBean job = null;
try {
job = getJob(request, response);
} catch (BaseEngineException e) {
throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, e);
}
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, job, timeZoneId);
} else if (show.equals(RestConstants.ALL_WORKFLOWS_FOR_COORD_ACTION)) {
stopCron();
JSONObject json = getJobsByParentId(request, response);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else if (show.equals(RestConstants.JOB_SHOW_JMS_TOPIC)) {
stopCron();
String jmsTopicName = getJMSTopicName(request, response);
JSONObject json = new JSONObject();
json.put(JsonTags.JMS_TOPIC_NAME, jmsTopicName);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else if (show.equals(RestConstants.JOB_SHOW_LOG)) {
response.setContentType(TEXT_UTF8);
streamJobLog(request, response);
} else if (show.equals(RestConstants.JOB_SHOW_ERROR_LOG)) {
response.setContentType(TEXT_UTF8);
streamJobErrorLog(request, response);
} else if (show.equals(RestConstants.JOB_SHOW_AUDIT_LOG)) {
response.setContentType(TEXT_UTF8);
streamJobAuditLog(request, response);
} else if (show.equals(RestConstants.JOB_SHOW_DEFINITION)) {
stopCron();
response.setContentType(XML_UTF8);
String wfDefinition = getJobDefinition(request, response);
startCron();
response.setStatus(HttpServletResponse.SC_OK);
response.getWriter().write(wfDefinition);
} else if (show.equals(RestConstants.JOB_SHOW_GRAPH)) {
stopCron();
streamJobGraph(request, response);
// -- should happen before you stream anything in response?
startCron();
} else if (show.equals(RestConstants.JOB_SHOW_STATUS)) {
stopCron();
String status = getJobStatus(request, response);
JSONObject json = new JSONObject();
json.put(JsonTags.STATUS, status);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else if (show.equals(RestConstants.JOB_SHOW_ACTION_RETRIES_PARAM)) {
stopCron();
JSONArray retries = getActionRetries(request, response);
JSONObject json = new JSONObject();
json.put(JsonTags.WORKFLOW_ACTION_RETRIES, retries);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else if (show.equals(RestConstants.COORD_ACTION_MISSING_DEPENDENCIES)) {
stopCron();
JSONObject json = getCoordActionMissingDependencies(request, response);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else if (show.equals(RestConstants.JOB_SHOW_WF_ACTIONS_IN_COORD)) {
stopCron();
JSONObject json = getWfActionByJobIdAndName(request, response);
startCron();
sendJsonResponse(response, HttpServletResponse.SC_OK, json);
} else {
throw new XServletException(HttpServletResponse.SC_BAD_REQUEST, ErrorCode.E0303, RestConstants.JOB_SHOW_PARAM, show);
}
}
Aggregations