fe/src/main/java/org/apache/impala/util/AuthorizationUtil.java - impala - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 package org.apache.impala.util;

 import org.apache.impala.authorization.AuthorizationConfig;
 import org.apache.impala.authorization.AuthorizationFactory;
 import org.apache.impala.authorization.AuthorizationProvider;
 import org.apache.impala.authorization.NoopAuthorizationFactory;
 import org.apache.impala.common.InternalException;
 import org.apache.impala.service.BackendConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 public class AuthorizationUtil {
   private final static Logger LOG = LoggerFactory.getLogger(AuthorizationUtil.class);

   private AuthorizationUtil() {}

   /**
    * Returns the {@link AuthorizationFactory} class name specified by
    * the given {@link BackendConfig}
    *
    * @param beCfg
    * @return the AuthorizationFactory class name for the given BackendConfig
    * @throws InternalException if the class name could not be determined from
    *                           the given backend config values
    */
   public static String authzFactoryClassNameFrom(BackendConfig beCfg)
       throws InternalException {
     final String authzFactoryClassOption = beCfg.getAuthorizationFactoryClass();
     final String authzFactoryClassName;
     if (authzFactoryClassOption != null) {
       // authorization_factory_class takes precedence
       authzFactoryClassName = authzFactoryClassOption;
     } else {
       // use authorization_provider flag
       final String authzProvider = beCfg.getAuthorizationProvider();
       try {
         final AuthorizationProvider provider = AuthorizationProvider.valueOf(
             authzProvider.toUpperCase().trim());
         authzFactoryClassName = provider.getAuthorizationFactoryClassName();
       } catch (Exception e) {
         throw new InternalException(
             "Could not parse authorization_provider flag: " + authzProvider);
       }
     }
     return authzFactoryClassName;
   }

   /**
    * Creates the appropriate {@link AuthorizationFactory} based on the
    * given {@link BackendConfig}.
    *
    * @param beCfg the BackendConfig
    * @return the correctly-chosen AuthorizationFactory
    *
    * @throws InternalException if the correct factory could not be determined
    *                           e.g. if config flags are invalid
    */
   public static AuthorizationFactory authzFactoryFrom(BackendConfig beCfg)
       throws InternalException {
     final AuthorizationFactory authzFactory;
     final String authzFactoryClassName = authzFactoryClassNameFrom(beCfg);
     try {
       authzFactory = (AuthorizationFactory)
           Class.forName(authzFactoryClassName)
               .getConstructor(BackendConfig.class)
               .newInstance(beCfg);
     } catch (Exception e) {
       throw new InternalException(
           "Unable to instantiate authorization provider: " + authzFactoryClassName, e);
     }
     final AuthorizationConfig authzConfig = authzFactory.getAuthorizationConfig();

     if (!authzConfig.isEnabled()) {
       // For backward compatibility to keep the existing behavior, when authorization
       // is not enabled, we need to use a dummy authorization config.
       LOG.info("Authorization is 'DISABLED'.");
       return new NoopAuthorizationFactory(beCfg);
     }

     LOG.info(String.format("Authorization is 'ENABLED' using %s.",
         authzConfig.getProviderName()));
     return authzFactory;
   }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	package org.apache.impala.util;

	import org.apache.impala.authorization.AuthorizationConfig;
	import org.apache.impala.authorization.AuthorizationFactory;
	import org.apache.impala.authorization.AuthorizationProvider;
	import org.apache.impala.authorization.NoopAuthorizationFactory;
	import org.apache.impala.common.InternalException;
	import org.apache.impala.service.BackendConfig;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	public class AuthorizationUtil {
	private final static Logger LOG = LoggerFactory.getLogger(AuthorizationUtil.class);

	private AuthorizationUtil() {}

	/**
	* Returns the {@link AuthorizationFactory} class name specified by
	* the given {@link BackendConfig}
	*
	* @param beCfg
	* @return the AuthorizationFactory class name for the given BackendConfig
	* @throws InternalException if the class name could not be determined from
	* the given backend config values
	*/
	public static String authzFactoryClassNameFrom(BackendConfig beCfg)
	throws InternalException {
	final String authzFactoryClassOption = beCfg.getAuthorizationFactoryClass();
	final String authzFactoryClassName;
	if (authzFactoryClassOption != null) {
	// authorization_factory_class takes precedence
	authzFactoryClassName = authzFactoryClassOption;
	} else {
	// use authorization_provider flag
	final String authzProvider = beCfg.getAuthorizationProvider();
	try {
	final AuthorizationProvider provider = AuthorizationProvider.valueOf(
	authzProvider.toUpperCase().trim());
	authzFactoryClassName = provider.getAuthorizationFactoryClassName();
	} catch (Exception e) {
	throw new InternalException(
	"Could not parse authorization_provider flag: " + authzProvider);
	}
	}
	return authzFactoryClassName;
	}

	/**
	* Creates the appropriate {@link AuthorizationFactory} based on the
	* given {@link BackendConfig}.
	*
	* @param beCfg the BackendConfig
	* @return the correctly-chosen AuthorizationFactory
	*
	* @throws InternalException if the correct factory could not be determined
	* e.g. if config flags are invalid
	*/
	public static AuthorizationFactory authzFactoryFrom(BackendConfig beCfg)
	throws InternalException {
	final AuthorizationFactory authzFactory;
	final String authzFactoryClassName = authzFactoryClassNameFrom(beCfg);
	try {
	authzFactory = (AuthorizationFactory)
	Class.forName(authzFactoryClassName)
	.getConstructor(BackendConfig.class)
	.newInstance(beCfg);
	} catch (Exception e) {
	throw new InternalException(
	"Unable to instantiate authorization provider: " + authzFactoryClassName, e);
	}
	final AuthorizationConfig authzConfig = authzFactory.getAuthorizationConfig();

	if (!authzConfig.isEnabled()) {
	// For backward compatibility to keep the existing behavior, when authorization
	// is not enabled, we need to use a dummy authorization config.
	LOG.info("Authorization is 'DISABLED'.");
	return new NoopAuthorizationFactory(beCfg);
	}

	LOG.info(String.format("Authorization is 'ENABLED' using %s.",
	authzConfig.getProviderName()));
	return authzFactory;
	}
	}