common/src/main/java/org/apache/falcon/entity/parser/EntityParser.java - falcon - Git at Google

 /**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package org.apache.falcon.entity.parser;

 import org.apache.commons.io.IOUtils;
 import org.apache.falcon.FalconException;
 import org.apache.falcon.entity.store.ConfigurationStore;
 import org.apache.falcon.entity.v0.AccessControlList;
 import org.apache.falcon.entity.v0.Entity;
 import org.apache.falcon.entity.v0.EntityType;
 import org.apache.falcon.entity.v0.SchemaHelper;
 import org.apache.falcon.security.CurrentUser;
 import org.apache.falcon.security.SecurityUtil;
 import org.apache.hadoop.security.UserGroupInformation;
 import org.apache.hadoop.security.authorize.AuthorizationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.xml.bind.Unmarshaller;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLStreamReader;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;

 /**
  * Generic Abstract Entity Parser, the concrete FEED, PROCESS and CLUSTER should extend this parser
  * to implement specific parsing.
  *
  * @param <T> of type Entity
  */
 public abstract class EntityParser<T extends Entity> {

     private static final Logger LOG = LoggerFactory.getLogger(EntityParser.class);

     private final EntityType entityType;
     protected final boolean isAuthorizationDisabled;

     protected EntityParser(EntityType entityType) {
         this.entityType = entityType;
         isAuthorizationDisabled = !SecurityUtil.isAuthorizationEnabled();
     }

     public EntityType getEntityType() {
         return this.entityType;
     }

     /**
      * Parses a sent XML and validates it using JAXB.
      *
      * @param xmlString - Entity XML
      * @return Entity - JAVA Object
      * @throws FalconException
      */
     public Entity parseAndValidate(String xmlString) throws FalconException {
         InputStream inputStream = null;
         try {
             inputStream = new ByteArrayInputStream(xmlString.getBytes());
             return parseAndValidate(inputStream);
         } finally {
             IOUtils.closeQuietly(inputStream);
         }
     }

     /**
      * Parses xml stream.
      *
      * @param xmlStream stream
      * @return entity
      * @throws FalconException
      */
     @SuppressWarnings("unchecked")
     public T parse(InputStream xmlStream) throws FalconException {
         try {
             XMLInputFactory xif = SchemaHelper.createXmlInputFactory();
             XMLStreamReader xsr = xif.createXMLStreamReader(xmlStream);
             // parse against schema
             Unmarshaller unmarshaller = entityType.getUnmarshaller();
             T entity = (T) unmarshaller.unmarshal(xsr);
             LOG.info("Parsed Entity: {}", entity.getName());
             return entity;
         } catch (Exception e) {
             throw new FalconException(e);
         }
     }

     public T parseAndValidate(InputStream xmlStream) throws FalconException {
         T entity = parse(xmlStream);
         validate(entity);
         return entity;
     }

     protected void validateEntityExists(EntityType type, String name) throws FalconException {
         if (ConfigurationStore.get().get(type, name) == null) {
             throw new ValidationException("Referenced " + type + " " + name + " is not registered");
         }
     }

     public abstract void validate(T entity) throws FalconException;

     /**
      * Checks if the acl owner is a valid user by fetching the groups for the owner.
      * Also checks if the acl group is one of the fetched groups for membership.
      * The only limitation is that a user cannot add a group in ACL that he does not belong to.
      *
      * @param acl  entity ACL
      * @throws org.apache.falcon.entity.parser.ValidationException
      */
     protected void validateACLOwnerAndGroup(AccessControlList acl) throws ValidationException {
         String aclOwner = acl.getOwner();
         String aclGroup = acl.getGroup();

         try {
             UserGroupInformation proxyACLUser = UserGroupInformation.createProxyUser(
                     aclOwner, UserGroupInformation.getLoginUser());
             Set<String> groups = new HashSet<String>(Arrays.asList(proxyACLUser.getGroupNames()));
             if (!groups.contains(aclGroup)) {
                 throw new AuthorizationException("Invalid group: " + aclGroup
                         + " for user: " + aclOwner);
             }
         } catch (IOException e) {
             throw new ValidationException("Invalid acl owner " + aclOwner
                     + ", does not exist or does not belong to group: " + aclGroup);
         }
     }

     /**
      * Validate if the entity owner is the logged-in authenticated user.
      *
      * @param entityName  entity name
      * @param acl         entity ACL
      * @throws AuthorizationException
      */
     protected void authorize(String entityName,
                              AccessControlList acl) throws AuthorizationException {
         try {
             SecurityUtil.getAuthorizationProvider().authorizeEntity(entityName,
                     getEntityType().name(), acl, "submit", CurrentUser.getAuthenticatedUGI());
         } catch (FalconException e) {
             throw new AuthorizationException(e);
         } catch (IOException e) {
             throw new AuthorizationException(e);
         }
     }
 }
	/**
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package org.apache.falcon.entity.parser;

	import org.apache.commons.io.IOUtils;
	import org.apache.falcon.FalconException;
	import org.apache.falcon.entity.store.ConfigurationStore;
	import org.apache.falcon.entity.v0.AccessControlList;
	import org.apache.falcon.entity.v0.Entity;
	import org.apache.falcon.entity.v0.EntityType;
	import org.apache.falcon.entity.v0.SchemaHelper;
	import org.apache.falcon.security.CurrentUser;
	import org.apache.falcon.security.SecurityUtil;
	import org.apache.hadoop.security.UserGroupInformation;
	import org.apache.hadoop.security.authorize.AuthorizationException;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import javax.xml.bind.Unmarshaller;
	import javax.xml.stream.XMLInputFactory;
	import javax.xml.stream.XMLStreamReader;
	import java.io.ByteArrayInputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.util.Arrays;
	import java.util.HashSet;
	import java.util.Set;

	/**
	* Generic Abstract Entity Parser, the concrete FEED, PROCESS and CLUSTER should extend this parser
	* to implement specific parsing.
	*
	* @param <T> of type Entity
	*/
	public abstract class EntityParser<T extends Entity> {

	private static final Logger LOG = LoggerFactory.getLogger(EntityParser.class);

	private final EntityType entityType;
	protected final boolean isAuthorizationDisabled;

	protected EntityParser(EntityType entityType) {
	this.entityType = entityType;
	isAuthorizationDisabled = !SecurityUtil.isAuthorizationEnabled();
	}

	public EntityType getEntityType() {
	return this.entityType;
	}

	/**
	* Parses a sent XML and validates it using JAXB.
	*
	* @param xmlString - Entity XML
	* @return Entity - JAVA Object
	* @throws FalconException
	*/
	public Entity parseAndValidate(String xmlString) throws FalconException {
	InputStream inputStream = null;
	try {
	inputStream = new ByteArrayInputStream(xmlString.getBytes());
	return parseAndValidate(inputStream);
	} finally {
	IOUtils.closeQuietly(inputStream);
	}
	}

	/**
	* Parses xml stream.
	*
	* @param xmlStream stream
	* @return entity
	* @throws FalconException
	*/
	@SuppressWarnings("unchecked")
	public T parse(InputStream xmlStream) throws FalconException {
	try {
	XMLInputFactory xif = SchemaHelper.createXmlInputFactory();
	XMLStreamReader xsr = xif.createXMLStreamReader(xmlStream);
	// parse against schema
	Unmarshaller unmarshaller = entityType.getUnmarshaller();
	T entity = (T) unmarshaller.unmarshal(xsr);
	LOG.info("Parsed Entity: {}", entity.getName());
	return entity;
	} catch (Exception e) {
	throw new FalconException(e);
	}
	}

	public T parseAndValidate(InputStream xmlStream) throws FalconException {
	T entity = parse(xmlStream);
	validate(entity);
	return entity;
	}

	protected void validateEntityExists(EntityType type, String name) throws FalconException {
	if (ConfigurationStore.get().get(type, name) == null) {
	throw new ValidationException("Referenced " + type + " " + name + " is not registered");
	}
	}

	public abstract void validate(T entity) throws FalconException;

	/**
	* Checks if the acl owner is a valid user by fetching the groups for the owner.
	* Also checks if the acl group is one of the fetched groups for membership.
	* The only limitation is that a user cannot add a group in ACL that he does not belong to.
	*
	* @param acl entity ACL
	* @throws org.apache.falcon.entity.parser.ValidationException
	*/
	protected void validateACLOwnerAndGroup(AccessControlList acl) throws ValidationException {
	String aclOwner = acl.getOwner();
	String aclGroup = acl.getGroup();

	try {
	UserGroupInformation proxyACLUser = UserGroupInformation.createProxyUser(
	aclOwner, UserGroupInformation.getLoginUser());
	Set<String> groups = new HashSet<String>(Arrays.asList(proxyACLUser.getGroupNames()));
	if (!groups.contains(aclGroup)) {
	throw new AuthorizationException("Invalid group: " + aclGroup
	+ " for user: " + aclOwner);
	}
	} catch (IOException e) {
	throw new ValidationException("Invalid acl owner " + aclOwner
	+ ", does not exist or does not belong to group: " + aclGroup);
	}
	}

	/**
	* Validate if the entity owner is the logged-in authenticated user.
	*
	* @param entityName entity name
	* @param acl entity ACL
	* @throws AuthorizationException
	*/
	protected void authorize(String entityName,
	AccessControlList acl) throws AuthorizationException {
	try {
	SecurityUtil.getAuthorizationProvider().authorizeEntity(entityName,
	getEntityType().name(), acl, "submit", CurrentUser.getAuthenticatedUGI());
	} catch (FalconException e) {
	throw new AuthorizationException(e);
	} catch (IOException e) {
	throw new AuthorizationException(e);
	}
	}
	}