HADOOP-10659. Refactor AccessControlList to reuse utility functions and to improve performance. (Contributed by Benoy Antony)
git-svn-id: https://svn.apache.org/repos/asf/hadoop/common/trunk@1604955 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
parent
59b5e9fa15
commit
214aceb9f7
@ -445,6 +445,9 @@ Release 2.5.0 - UNRELEASED
|
|||||||
HADOOP-10279. Create multiplexer, a requirement for the fair queue.
|
HADOOP-10279. Create multiplexer, a requirement for the fair queue.
|
||||||
(Chris Li via Arpit Agarwal)
|
(Chris Li via Arpit Agarwal)
|
||||||
|
|
||||||
|
HADOOP-10659. Refactor AccessControlList to reuse utility functions
|
||||||
|
and to improve performance. (Benoy Antony via Arpit Agarwal)
|
||||||
|
|
||||||
OPTIMIZATIONS
|
OPTIMIZATIONS
|
||||||
|
|
||||||
BUG FIXES
|
BUG FIXES
|
||||||
|
@ -20,22 +20,21 @@
|
|||||||
import java.io.DataInput;
|
import java.io.DataInput;
|
||||||
import java.io.DataOutput;
|
import java.io.DataOutput;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Set;
|
import java.util.Collection;
|
||||||
import java.util.TreeSet;
|
import java.util.HashSet;
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.ListIterator;
|
import java.util.List;
|
||||||
|
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.classification.InterfaceStability;
|
import org.apache.hadoop.classification.InterfaceStability;
|
||||||
|
import org.apache.hadoop.conf.Configuration;
|
||||||
import org.apache.hadoop.io.Text;
|
import org.apache.hadoop.io.Text;
|
||||||
import org.apache.hadoop.io.Writable;
|
import org.apache.hadoop.io.Writable;
|
||||||
import org.apache.hadoop.io.WritableFactories;
|
import org.apache.hadoop.io.WritableFactories;
|
||||||
import org.apache.hadoop.io.WritableFactory;
|
import org.apache.hadoop.io.WritableFactory;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
|
||||||
import org.apache.hadoop.security.Groups;
|
import org.apache.hadoop.security.Groups;
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
|
import org.apache.hadoop.util.StringUtils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Class representing a configured access control list.
|
* Class representing a configured access control list.
|
||||||
@ -58,9 +57,9 @@ public class AccessControlList implements Writable {
|
|||||||
private static final int INITIAL_CAPACITY = 256;
|
private static final int INITIAL_CAPACITY = 256;
|
||||||
|
|
||||||
// Set of users who are granted access.
|
// Set of users who are granted access.
|
||||||
private Set<String> users;
|
private Collection<String> users;
|
||||||
// Set of groups which are granted access
|
// Set of groups which are granted access
|
||||||
private Set<String> groups;
|
private Collection<String> groups;
|
||||||
// Whether all users are granted access.
|
// Whether all users are granted access.
|
||||||
private boolean allAllowed;
|
private boolean allAllowed;
|
||||||
|
|
||||||
@ -92,27 +91,21 @@ public AccessControlList(String aclString) {
|
|||||||
* @param aclString build ACL from this string
|
* @param aclString build ACL from this string
|
||||||
*/
|
*/
|
||||||
private void buildACL(String aclString) {
|
private void buildACL(String aclString) {
|
||||||
users = new TreeSet<String>();
|
users = new HashSet<String>();
|
||||||
groups = new TreeSet<String>();
|
groups = new HashSet<String>();
|
||||||
if (isWildCardACLValue(aclString)) {
|
if (isWildCardACLValue(aclString)) {
|
||||||
allAllowed = true;
|
allAllowed = true;
|
||||||
} else {
|
} else {
|
||||||
allAllowed = false;
|
allAllowed = false;
|
||||||
String[] userGroupStrings = aclString.split(" ", 2);
|
String[] userGroupStrings = aclString.split(" ", 2);
|
||||||
|
|
||||||
if (userGroupStrings.length >= 1) {
|
if (userGroupStrings.length >= 1) {
|
||||||
List<String> usersList = new LinkedList<String>(
|
users = StringUtils.getTrimmedStringCollection(userGroupStrings[0]);
|
||||||
Arrays.asList(userGroupStrings[0].split(",")));
|
}
|
||||||
cleanupList(usersList);
|
|
||||||
addToSet(users, usersList);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (userGroupStrings.length == 2) {
|
if (userGroupStrings.length == 2) {
|
||||||
List<String> groupsList = new LinkedList<String>(
|
groups = StringUtils.getTrimmedStringCollection(userGroupStrings[1]);
|
||||||
Arrays.asList(userGroupStrings[1].split(",")));
|
groupsMapping.cacheGroupsAdd(new LinkedList<String>(groups));
|
||||||
cleanupList(groupsList);
|
|
||||||
addToSet(groups, groupsList);
|
|
||||||
groupsMapping.cacheGroupsAdd(groupsList);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -203,7 +196,7 @@ public void removeGroup(String group) {
|
|||||||
* Get the names of users allowed for this service.
|
* Get the names of users allowed for this service.
|
||||||
* @return the set of user names. the set must not be modified.
|
* @return the set of user names. the set must not be modified.
|
||||||
*/
|
*/
|
||||||
Set<String> getUsers() {
|
Collection<String> getUsers() {
|
||||||
return users;
|
return users;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -211,7 +204,7 @@ Set<String> getUsers() {
|
|||||||
* Get the names of user groups allowed for this service.
|
* Get the names of user groups allowed for this service.
|
||||||
* @return the set of group names. the set must not be modified.
|
* @return the set of group names. the set must not be modified.
|
||||||
*/
|
*/
|
||||||
Set<String> getGroups() {
|
Collection<String> getGroups() {
|
||||||
return groups;
|
return groups;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -228,36 +221,6 @@ public boolean isUserAllowed(UserGroupInformation ugi) {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Cleanup list, remove empty strings, trim leading/trailing spaces
|
|
||||||
*
|
|
||||||
* @param list clean this list
|
|
||||||
*/
|
|
||||||
private static final void cleanupList(List<String> list) {
|
|
||||||
ListIterator<String> i = list.listIterator();
|
|
||||||
while(i.hasNext()) {
|
|
||||||
String s = i.next();
|
|
||||||
if(s.length() == 0) {
|
|
||||||
i.remove();
|
|
||||||
} else {
|
|
||||||
s = s.trim();
|
|
||||||
i.set(s);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Add list to a set
|
|
||||||
*
|
|
||||||
* @param set add list to this set
|
|
||||||
* @param list add items of this list to the set
|
|
||||||
*/
|
|
||||||
private static final void addToSet(Set<String> set, List<String> list) {
|
|
||||||
for(String s : list) {
|
|
||||||
set.add(s);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns descriptive way of users and groups that are part of this ACL.
|
* Returns descriptive way of users and groups that are part of this ACL.
|
||||||
* Use {@link #getAclString()} to get the exact String that can be given to
|
* Use {@link #getAclString()} to get the exact String that can be given to
|
||||||
@ -358,7 +321,7 @@ private String getGroupsString() {
|
|||||||
*
|
*
|
||||||
* @param strings set of strings to concatenate
|
* @param strings set of strings to concatenate
|
||||||
*/
|
*/
|
||||||
private String getString(Set<String> strings) {
|
private String getString(Collection<String> strings) {
|
||||||
StringBuilder sb = new StringBuilder(INITIAL_CAPACITY);
|
StringBuilder sb = new StringBuilder(INITIAL_CAPACITY);
|
||||||
boolean first = true;
|
boolean first = true;
|
||||||
for(String str: strings) {
|
for(String str: strings) {
|
||||||
|
@ -17,27 +17,25 @@
|
|||||||
*/
|
*/
|
||||||
package org.apache.hadoop.security.authorize;
|
package org.apache.hadoop.security.authorize;
|
||||||
|
|
||||||
import java.util.Iterator;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import org.junit.Test;
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
import org.apache.hadoop.classification.InterfaceAudience;
|
|
||||||
import org.apache.hadoop.classification.InterfaceStability;
|
import java.util.Collection;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
import org.apache.hadoop.classification.InterfaceAudience;
|
||||||
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
import org.apache.hadoop.classification.InterfaceStability;
|
||||||
import org.apache.hadoop.util.NativeCodeLoader;
|
|
||||||
import org.apache.hadoop.conf.Configuration;
|
import org.apache.hadoop.conf.Configuration;
|
||||||
|
import org.apache.hadoop.fs.CommonConfigurationKeysPublic;
|
||||||
import org.apache.hadoop.security.Groups;
|
import org.apache.hadoop.security.Groups;
|
||||||
import org.apache.hadoop.security.UserGroupInformation;
|
import org.apache.hadoop.security.UserGroupInformation;
|
||||||
import org.apache.hadoop.security.authorize.AccessControlList;
|
import org.apache.hadoop.util.NativeCodeLoader;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
@InterfaceAudience.LimitedPrivate({"HDFS", "MapReduce"})
|
||||||
@InterfaceStability.Evolving
|
@InterfaceStability.Evolving
|
||||||
@ -221,8 +219,8 @@ private void validateGetAclString(AccessControlList acl) {
|
|||||||
@Test
|
@Test
|
||||||
public void testAccessControlList() throws Exception {
|
public void testAccessControlList() throws Exception {
|
||||||
AccessControlList acl;
|
AccessControlList acl;
|
||||||
Set<String> users;
|
Collection<String> users;
|
||||||
Set<String> groups;
|
Collection<String> groups;
|
||||||
|
|
||||||
acl = new AccessControlList("drwho tardis");
|
acl = new AccessControlList("drwho tardis");
|
||||||
users = acl.getUsers();
|
users = acl.getUsers();
|
||||||
@ -273,8 +271,8 @@ public void testAccessControlList() throws Exception {
|
|||||||
@Test
|
@Test
|
||||||
public void testAddRemoveAPI() {
|
public void testAddRemoveAPI() {
|
||||||
AccessControlList acl;
|
AccessControlList acl;
|
||||||
Set<String> users;
|
Collection<String> users;
|
||||||
Set<String> groups;
|
Collection<String> groups;
|
||||||
acl = new AccessControlList(" ");
|
acl = new AccessControlList(" ");
|
||||||
assertEquals(0, acl.getUsers().size());
|
assertEquals(0, acl.getUsers().size());
|
||||||
assertEquals(0, acl.getGroups().size());
|
assertEquals(0, acl.getGroups().size());
|
||||||
|
Loading…
Reference in New Issue
Block a user