ambari-commits mailing list archives

From tbeerbo...@apache.org
Subject [1/2] AMBARI-6723 - Views: Support clean install scenario
Date Mon, 11 Aug 2014 01:06:51 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 778d62e8a -> da2ac5777


http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalTokenAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalTokenAuthenticationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalTokenAuthenticationFilter.java
deleted file mode 100644
index c05de28..0000000
--- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalTokenAuthenticationFilter.java
+++ /dev/null
@@ -1,60 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.security.authorization.internal;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public class InternalTokenAuthenticationFilter implements Filter {
-  public static final String INTERNAL_TOKEN_HEADER = "X-Internal-Token";
-
-  @Override
-  public void init(FilterConfig filterConfig) throws ServletException {
-
-  }
-
-  @Override
-  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-    HttpServletRequest httpRequest = (HttpServletRequest) request;
-    HttpServletResponse httpResponse = (HttpServletResponse) response;
-
-    SecurityContext context = SecurityContextHolder.getContext();
-
-    if (context.getAuthentication() == null || !context.getAuthentication().isAuthenticated()) {
-      String token = httpRequest.getHeader(INTERNAL_TOKEN_HEADER);
-      if (token != null) {
-        context.setAuthentication(new InternalAuthenticationToken(token));
-      }
-    }
-
-    chain.doFilter(request, response);
-  }
-
-  @Override
-  public void destroy() {
-
-  }
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java b/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
index 1d74038..8c0638a 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/Cluster.java
@@ -26,6 +26,7 @@ import java.util.concurrent.locks.ReadWriteLock;
 import com.google.common.collect.ListMultimap;
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.controller.ClusterResponse;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.state.configgroup.ConfigGroup;
 import org.apache.ambari.server.state.scheduler.RequestExecution;
 import org.apache.ambari.server.controller.ServiceConfigVersionResponse;
@@ -75,7 +76,7 @@ public interface Cluster {
 
   /**
    * Remove ServiceComponentHost from cluster
-   * @param ServiceComponentHost
+   * @param svcCompHost
    */  
   public void removeServiceComponentHost(ServiceComponentHost svcCompHost) throws AmbariException;
   
@@ -344,5 +345,14 @@ public interface Cluster {
    */
   public Collection<Alert> getAlerts();
 
-
+  /**
+   * Determine whether or not access to this cluster resource should be allowed based
+   * on the given privilege.
+   *
+   * @param privilegeEntity  the privilege
+   * @param readOnly         indicate whether or not this check is for a read only operation
+   *
+   * @return true if the access to this cluster is allowed
+   */
+  public boolean checkPermission(PrivilegeEntity privilegeEntity, boolean readOnly);
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/java/org/apache/ambari/server/state/Clusters.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/Clusters.java b/ambari-server/src/main/java/org/apache/ambari/server/state/Clusters.java
index eb00a97..18f3a94 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/Clusters.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/Clusters.java
@@ -173,4 +173,15 @@ public interface Clusters {
   public void deleteHost(String hostname)
       throws AmbariException;
 
+  /**
+   * Determine whether or not access to the cluster resource identified
+   * by the given cluster name should be allowed based on the permissions
+   * granted to the current user.
+   *
+   * @param clusterName  the cluster name
+   * @param readOnly     indicate whether or not this check is for a read only operation
+   *
+   * @return true if access to the cluster is allowed
+   */
+  public boolean checkPermission(String clusterName, boolean readOnly);
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
index cf672cf..472c7a6 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java
@@ -61,7 +61,10 @@ import org.apache.ambari.server.orm.entities.ClusterEntity;
 import org.apache.ambari.server.orm.entities.ClusterServiceEntity;
 import org.apache.ambari.server.orm.entities.ClusterStateEntity;
 import org.apache.ambari.server.orm.entities.ConfigGroupEntity;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.RequestScheduleEntity;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ServiceConfigApplicationEntity;
 import org.apache.ambari.server.orm.entities.ServiceConfigEntity;
 import org.apache.ambari.server.state.*;
@@ -83,6 +86,7 @@ import com.google.inject.Inject;
 import com.google.inject.Injector;
 import com.google.inject.assistedinject.Assisted;
 import com.google.inject.persist.Transactional;
+import org.springframework.security.core.GrantedAuthority;
 
 public class ClusterImpl implements Cluster {
 
@@ -1889,4 +1893,20 @@ public class ClusterImpl implements Cluster {
       readLock.unlock();
     }
   }
+
+  @Override
+  public boolean checkPermission(PrivilegeEntity privilegeEntity, boolean readOnly) {
+    ResourceEntity resourceEntity = clusterEntity.getResource();
+    if (resourceEntity != null) {
+      Integer permissionId = privilegeEntity.getPermission().getId();
+      // CLUSTER.READ or CLUSTER.OPERATE for the given cluster resource.
+      if (privilegeEntity.getResource().equals(resourceEntity)) {
+        if ((readOnly && permissionId.equals(PermissionEntity.CLUSTER_READ_PERMISSION)) ||
+            permissionId.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION)) {
+          return true;
+        }
+      }
+    }
+    return false;
+  }
 }
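Review bot: In `checkPermission`, the comparison `privilegeEntity.getResource().equals(resourceEntity)` dereferences the privilege's resource without a null check, even though `resourceEntity` has just been verified non-null. Reversing the receiver, `if (resourceEntity.equals(privilegeEntity.getResource())) {`, makes the comparison null-safe, so a privilege without a resource is denied instead of raising a NullPointerException in the middle of an authorization decision. Whether a privilege can lack a resource is not visible in this diff. The same expression appears in `ViewRegistry.checkAuthorization` later in this commit. The outcome also depends on how `ResourceEntity.equals` is defined, which is outside the hunk, so a short comment stating what equality means here would help the next reader.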

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java
index 1ded03c..e67ea45 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java
@@ -35,8 +35,12 @@ import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.entities.ClusterEntity;
 import org.apache.ambari.server.orm.entities.HostEntity;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
+import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
 import org.apache.ambari.server.state.AgentVersion;
 import org.apache.ambari.server.state.Cluster;
 import org.apache.ambari.server.state.Clusters;
@@ -50,6 +54,8 @@ import org.apache.ambari.server.state.configgroup.ConfigGroup;
 import org.apache.ambari.server.state.host.HostFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
+
 import javax.persistence.RollbackException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -99,6 +105,8 @@ public class ClustersImpl implements Clusters {
   Gson gson;
   @Inject
   private ConfigGroupHostMappingDAO configGroupHostMappingDAO;
+  @Inject
+  private SecurityHelper securityHelper;
 
   @Inject
   public ClustersImpl() {
@@ -337,11 +345,7 @@ public class ClustersImpl implements Clusters {
     Map<String, List<RepositoryInfo>> repos =
         ambariMetaInfo.getRepository(c.getDesiredStackVersion().getStackName(),
             c.getDesiredStackVersion().getStackVersion());
-    if (repos == null || repos.isEmpty()) {
-      return false;
-    }
-    
-    return repos.containsKey(h.getOsFamily());
+    return !(repos == null || repos.isEmpty()) && repos.containsKey(h.getOsFamily());
   }
 
   @Override
@@ -553,8 +557,8 @@ public class ClustersImpl implements Clusters {
       for (Cluster c : clusters.values()) {
         if (!first) {
           sb.append(" , ");
-          first = false;
         }
+        first = false;
         sb.append("\n  ");
         c.debugDump(sb);
         sb.append(" ");
@@ -692,4 +696,48 @@ public class ClustersImpl implements Clusters {
     
   }
 
+  @Override
+  public boolean checkPermission(String clusterName, boolean readOnly) {
+
+    Cluster cluster = null;
+    try {
+      cluster = clusterName == null ? null : getCluster(clusterName);
+    } catch (AmbariException e) {
+      // do nothing
+    }
+
+    return (cluster == null && readOnly) || checkPermission(cluster, readOnly);
+  }
+
+  /**
+   * Determine whether or not access to the given cluster resource should be allowed based
+   * on the privileges of the current user.
+   *
+   * @param cluster   the cluster
+   * @param readOnly  indicate whether or not this check is for a read only operation
+   *
+   * @return true if the access to this cluster is allowed
+   */
+  private boolean checkPermission(Cluster cluster, boolean readOnly) {
+    for (GrantedAuthority grantedAuthority : securityHelper.getCurrentAuthorities()) {
+      if (grantedAuthority instanceof AmbariGrantedAuthority) {
+
+        AmbariGrantedAuthority authority       = (AmbariGrantedAuthority) grantedAuthority;
+        PrivilegeEntity        privilegeEntity = authority.getPrivilegeEntity();
+        Integer                permissionId    = privilegeEntity.getPermission().getId();
+
+        // admin has full access
+        if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) {
+          return true;
+        }
+        if (cluster != null) {
+          if (cluster.checkPermission(privilegeEntity, readOnly)) {
+            return true;
+          }
+        }
+      }
+    }
+    // TODO : should we log this?
+    return false;
+  }
 }
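Review bot: In `checkPermission(String, boolean)` the empty `catch (AmbariException e)` combined with `(cluster == null && readOnly)` makes a read check succeed for any caller whenever `getCluster` throws, not only when `clusterName` is null. If the permissive branch is meant for collection-level requests only, narrowing it to `return (clusterName == null && readOnly) || checkPermission(cluster, readOnly);` lets a failed lookup fall through to the admin-only path, and the catch should carry a comment saying why the exception is ignored. `getCluster` and the callers are outside this hunk, so whether a handler relies on the permissive result to answer not-found cannot be confirmed here. `ViewRegistry.checkPermission(ViewInstanceEntity, boolean)` has the same shape with `(resourceEntity == null && readOnly)`, and the interface Javadoc in `Clusters.java` is silent on the null or unknown name case. The `// TODO : should we log this?` is worth resolving, since a denied check is exactly the event an audit trail needs.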

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 58e68c2..808de92 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -31,14 +31,13 @@ import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.spi.Resource;
 import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.ResourceDAO;
-import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
 import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
@@ -48,6 +47,8 @@ import org.apache.ambari.server.orm.entities.ViewInstanceDataEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
 import org.apache.ambari.server.orm.entities.ViewParameterEntity;
 import org.apache.ambari.server.orm.entities.ViewResourceEntity;
+import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.authorization.AmbariGrantedAuthority;
 import org.apache.ambari.server.view.configuration.EntityConfig;
 import org.apache.ambari.server.view.configuration.InstanceConfig;
 import org.apache.ambari.server.view.configuration.ParameterConfig;
@@ -69,6 +70,7 @@ import org.apache.commons.lang.StringUtils;
 import org.eclipse.jetty.webapp.WebAppContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.GrantedAuthority;
 
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
@@ -120,12 +122,6 @@ public class ViewRegistry {
       new HashMap<ViewEntity, Map<String, ViewInstanceEntity>>();
 
   /**
-   * Mapping of view instances keyed by resource id.
-   */
-  private Map<Long, ViewInstanceEntity> viewInstances =
-      new HashMap<Long, ViewInstanceEntity>();
-
-  /**
    * Mapping of view names to sub-resources.
    */
   private final Map<String, Set<SubResourceDefinition>> subResourceDefinitionsMap =
@@ -163,16 +159,6 @@ public class ViewRegistry {
   private static ViewInstanceDAO instanceDAO;
 
   /**
-   * Admin resource data access object.
-   */
-  private static ResourceDAO resourceDAO;
-
-  /**
-   * Admin resource type data access object.
-   */
-  private static ResourceTypeDAO resourceTypeDAO;
-
-  /**
    * User data access object.
    */
   private static UserDAO userDAO;
@@ -187,6 +173,11 @@ public class ViewRegistry {
    */
   private static PrivilegeDAO privilegeDAO;
 
+  /**
+   * Helper with security related utilities.
+   */
+  private static SecurityHelper securityHelper;
+
 
   // ----- Constructors ------------------------------------------------------
 
@@ -268,17 +259,6 @@ public class ViewRegistry {
   }
 
   /**
-   * Get the instance definition for the given resource id.
-   *
-   * @param resourceId  the resource id.
-   *
-   * @return the view instance for the given resource id
-   */
-  public ViewInstanceEntity getInstanceDefinition(Long resourceId) {
-    return viewInstances.get(resourceId);
-  }
-
-  /**
     * Get the instance definition for the given view name and instance name.
     *
     * @param viewName      the view name
@@ -312,7 +292,6 @@ public class ViewRegistry {
       view.onCreate(instanceDefinition);
     }
     instanceDefinitions.put(instanceDefinition.getName(), instanceDefinition);
-    viewInstances.put(instanceDefinition.getResource().getId(), instanceDefinition);
   }
 
   /**
@@ -332,7 +311,6 @@ public class ViewRegistry {
           view.onDestroy(instanceDefinition);
         }
         instanceDefinitions.remove(instanceName);
-        viewInstances.remove(instanceDefinition.getResource().getId());
       }
     }
   }
@@ -681,6 +659,42 @@ public class ViewRegistry {
     return false;
   }
 
+  /**
+   * Determine whether or not access to the view instance resource identified
+   * by the given instance name should be allowed based on the permissions
+   * granted to the current user.
+   *
+   * @param viewName      the view name
+   * @param version       the view version
+   * @param instanceName  the name of the view instance resource
+   * @param readOnly      indicate whether or not this is for a read only operation
+   *
+   * @return true if the access to the view instance is allowed
+   */
+  public boolean checkPermission(String viewName, String version, String instanceName, boolean readOnly) {
+
+    ViewInstanceEntity instanceEntity =
+        instanceName == null ? null : getInstanceDefinition(viewName, version, instanceName);
+
+    return checkPermission(instanceEntity, readOnly);
+  }
+
+  /**
+   * Determine whether or not access to the given view instance should be allowed based
+   * on the permissions granted to the current user.
+   *
+   * @param instanceEntity  the view instance entity
+   * @param readOnly        indicate whether or not this is for a read only operation
+   *
+   * @return true if the access to the view instance is allowed
+   */
+  public boolean checkPermission(ViewInstanceEntity instanceEntity, boolean readOnly) {
+
+    ResourceEntity resourceEntity = instanceEntity == null ? null : instanceEntity.getResource();
+
+    return (resourceEntity == null && readOnly) || checkAuthorization(resourceEntity);
+  }
+
 
   // ----- helper methods ----------------------------------------------------
 
@@ -1143,27 +1157,52 @@ public class ViewRegistry {
     }
   }
 
+  // check that the current user is authorized to access the given view instance resource
+  private boolean checkAuthorization(ResourceEntity resourceEntity) {
+    for (GrantedAuthority grantedAuthority : securityHelper.getCurrentAuthorities()) {
+      if (grantedAuthority instanceof AmbariGrantedAuthority) {
+
+        AmbariGrantedAuthority authority       = (AmbariGrantedAuthority) grantedAuthority;
+        PrivilegeEntity privilegeEntity = authority.getPrivilegeEntity();
+        Integer                permissionId    = privilegeEntity.getPermission().getId();
+
+        // admin has full access
+        if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) {
+          return true;
+        }
+        if (resourceEntity != null) {
+          // VIEW.USE for the given view instance resource.
+          if (privilegeEntity.getResource().equals(resourceEntity)) {
+            if (permissionId.equals(PermissionEntity.VIEW_USE_PERMISSION)) {
+              return true;
+            }
+          }
+        }
+      }
+    }
+    // TODO : should we log this?
+    return false;
+  }
+
   /**
    * Static initialization of DAO.
    *
-   * @param viewDAO          view data access object
-   * @param instanceDAO      view instance data access object
-   * @param resourceDAO      resource data access object
-   * @param resourceTypeDAO  resource type data access object
-   * @param userDAO          user data access object
-   * @param memberDAO        group member data access object
-   * @param privilegeDAO     the privilege data access object
+   * @param viewDAO         view data access object
+   * @param instanceDAO     view instance data access object
+   * @param userDAO         user data access object
+   * @param memberDAO       group member data access object
+   * @param privilegeDAO    the privilege data access object
+   * @param securityHelper  the security helper
    */
-  public static void init(ViewDAO viewDAO, ViewInstanceDAO instanceDAO, ResourceDAO resourceDAO,
-                          ResourceTypeDAO resourceTypeDAO, UserDAO userDAO, MemberDAO memberDAO,
-                          PrivilegeDAO privilegeDAO) {
+  public static void init(ViewDAO viewDAO, ViewInstanceDAO instanceDAO,
+                          UserDAO userDAO, MemberDAO memberDAO, PrivilegeDAO privilegeDAO,
+                          SecurityHelper securityHelper) {
     setViewDAO(viewDAO);
     setInstanceDAO(instanceDAO);
-    setResourceDAO(resourceDAO);
-    setResourceTypeDAO(resourceTypeDAO);
     setUserDAO(userDAO);
     setMemberDAO(memberDAO);
     setPrivilegeDAO(privilegeDAO);
+    setSecurityHelper(securityHelper);
   }
 
   /**
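Review bot: `checkAuthorization` repeats the authority loop of the private `ClustersImpl.checkPermission(Cluster, boolean)` almost line for line, so the admin short-circuit and the deny-by-default return now live in two places that can drift apart. Its one-line comment also leaves out that the method takes no `readOnly` flag, so a `VIEW_USE_PERMISSION` privilege on the instance authorizes writes as well as reads, and that a null `resourceEntity` is admin-only. I would replace the comment with a Javadoc block stating those two rules and add `// keep in sync with ClustersImpl#checkPermission(Cluster, boolean)` until the loop is shared.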
@@ -1185,24 +1224,6 @@ public class ViewRegistry {
   }
 
   /**
-   * Set the resource DAO.
-   *
-   * @param resourceDAO  the resource DAO
-   */
-  protected static void setResourceDAO(ResourceDAO resourceDAO) {
-    ViewRegistry.resourceDAO = resourceDAO;
-  }
-
-  /**
-   * Set the resource type DAO.
-   *
-   * @param resourceTypeDAO  the resource type DAO
-   */
-  protected static void setResourceTypeDAO(ResourceTypeDAO resourceTypeDAO) {
-    ViewRegistry.resourceTypeDAO = resourceTypeDAO;
-  }
-
-  /**
    * Set the user DAO.
    *
    * @param userDAO  the user DAO
@@ -1229,6 +1250,15 @@ public class ViewRegistry {
     ViewRegistry.privilegeDAO = privilegeDAO;
   }
 
+  /**
+   * Set the security helper.
+   *
+   * @param securityHelper  the security helper
+   */
+  protected static void setSecurityHelper(SecurityHelper securityHelper) {
+    ViewRegistry.securityHelper = securityHelper;
+  }
+
 
   // ----- inner class : ViewRegistryHelper ----------------------------------
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
index bb232b7..097e233 100644
--- a/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
+++ b/ambari-server/src/main/resources/webapp/WEB-INF/spring-security.xml
@@ -25,9 +25,8 @@
   <http use-expressions="true"
         disable-url-rewriting="true" entry-point-ref="ambariEntryPoint">
     <http-basic entry-point-ref="ambariEntryPoint"/>
-    <intercept-url pattern="/**" access="isAuthenticated()" method="GET"/>
-    <intercept-url pattern="/**" access="hasRole('ADMIN')"/>
-    <custom-filter ref="internalTokenAuthenticationFilter" after="BASIC_AUTH_FILTER"/>
+    <intercept-url pattern="/**" access="isAuthenticated()"/>
+    <custom-filter ref="ambariAuthorizationFilter" after="BASIC_AUTH_FILTER"/>
   </http>
 
   <!--<ldap-server id="ldapServer" root="dc=ambari,dc=apache,dc=org"/>-->
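Review bot: With `hasRole('ADMIN')` removed from the non-GET rule, the `<http>` block now admits every authenticated user for every method, so write protection rests entirely on `ambariAuthorizationFilter`, whose bean definition and logic are not in this hunk. Any URL that the filter does not explicitly handle would become writable by a non-admin account, so the filter should deny by default and a test should cover a non-admin write to a path it does not list. A comment above the rule would make the dependency visible, for example `<!-- Method- and role-level checks moved to ambariAuthorizationFilter; this rule only requires authentication. -->`. If the `internalTokenAuthenticationFilter` bean is still declared elsewhere in this file it can be dropped, since its class is deleted in this commit.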

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java
index 7a23293..ff8998a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java
@@ -37,6 +37,8 @@ import org.apache.ambari.server.actionmanager.HostRoleCommandFactory;
 import org.apache.ambari.server.actionmanager.StageFactory;
 import org.apache.ambari.server.agent.rest.AgentResource;
 import org.apache.ambari.server.api.services.AmbariMetaInfo;
+import org.apache.ambari.server.security.SecurityHelper;
+import org.apache.ambari.server.security.SecurityHelperImpl;
 import org.apache.ambari.server.state.*;
 import org.apache.ambari.server.state.cluster.ClusterFactory;
 import org.apache.ambari.server.state.cluster.ClusterImpl;
@@ -302,6 +304,7 @@ public class AgentResourceTest extends JerseyTest {
         RequestExecutionImpl.class).build(RequestExecutionFactory.class));
       install(new FactoryModuleBuilder().build(StageFactory.class));
       install(new FactoryModuleBuilder().build(HostRoleCommandFactory.class));
+      bind(SecurityHelper.class).toInstance(SecurityHelperImpl.getInstance());
     }
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/api/services/ClusterServiceTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/ClusterServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/ClusterServiceTest.java
index 238dc83..9051059 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/api/services/ClusterServiceTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/ClusterServiceTest.java
@@ -21,6 +21,8 @@ package org.apache.ambari.server.api.services;
 import org.apache.ambari.server.api.resources.ResourceInstance;
 import org.apache.ambari.server.api.services.parsers.RequestBodyParser;
 import org.apache.ambari.server.api.services.serializers.ResultSerializer;
+import org.apache.ambari.server.state.Clusters;
+import org.apache.ambari.server.state.cluster.ClustersImpl;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.UriInfo;
@@ -40,33 +42,34 @@ public class ClusterServiceTest extends BaseServiceTest {
 
   public List<ServiceTestInvocation> getTestInvocations() throws Exception {
     List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>();
+    Clusters clusters = new TestClusters();
 
     //getCluster
-    ClusterService clusterService = new TestClusterService("clusterName");
+    ClusterService clusterService = new TestClusterService(clusters, "clusterName");
     Method m = clusterService.getClass().getMethod("getCluster", String.class, HttpHeaders.class, UriInfo.class, String.class);
     Object[] args = new Object[] {null, getHttpHeaders(), getUriInfo(), "clusterName"};
     listInvocations.add(new ServiceTestInvocation(Request.Type.GET, clusterService, m, args, null));
 
     //getClusters
-    clusterService = new TestClusterService(null);
+    clusterService = new TestClusterService(clusters, null);
     m = clusterService.getClass().getMethod("getClusters", String.class, HttpHeaders.class, UriInfo.class);
     args = new Object[] {null, getHttpHeaders(), getUriInfo()};
     listInvocations.add(new ServiceTestInvocation(Request.Type.GET, clusterService, m, args, null));
 
     //createCluster
-    clusterService = new TestClusterService("clusterName");
+    clusterService = new TestClusterService(clusters, "clusterName");
     m = clusterService.getClass().getMethod("createCluster", String.class, HttpHeaders.class, UriInfo.class, String.class);
     args = new Object[] {"body", getHttpHeaders(), getUriInfo(), "clusterName"};
     listInvocations.add(new ServiceTestInvocation(Request.Type.POST, clusterService, m, args, "body"));
 
     //createCluster
-    clusterService = new TestClusterService("clusterName");
+    clusterService = new TestClusterService(clusters, "clusterName");
     m = clusterService.getClass().getMethod("updateCluster", String.class, HttpHeaders.class, UriInfo.class, String.class);
     args = new Object[] {"body", getHttpHeaders(), getUriInfo(), "clusterName"};
     listInvocations.add(new ServiceTestInvocation(Request.Type.PUT, clusterService, m, args, "body"));
 
     //deleteCluster
-    clusterService = new TestClusterService("clusterName");
+    clusterService = new TestClusterService(clusters, "clusterName");
     m = clusterService.getClass().getMethod("deleteCluster", HttpHeaders.class, UriInfo.class, String.class);
     args = new Object[] {getHttpHeaders(), getUriInfo(), "clusterName"};
     listInvocations.add(new ServiceTestInvocation(Request.Type.DELETE, clusterService, m, args, null));
@@ -78,7 +81,8 @@ public class ClusterServiceTest extends BaseServiceTest {
   private class TestClusterService extends ClusterService {
     private String m_clusterId;
 
-    private TestClusterService(String clusterId) {
+    private TestClusterService(Clusters clusters, String clusterId) {
+      super(clusters);
       m_clusterId = clusterId;
     }
 
@@ -104,5 +108,12 @@ public class ClusterServiceTest extends BaseServiceTest {
     }
   }
 
+  private class TestClusters extends ClustersImpl {
+    @Override
+    public boolean checkPermission(String clusterName, boolean readOnly) {
+      return true;
+    }
+  }
+
   //todo: test getHostHandler, getServiceHandler, getHostComponentHandler
 }
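Review bot: `TestClusters.checkPermission` returns `true` unconditionally, so every invocation in `getTestInvocations` exercises only the allowed path and the permission check passed into `ClusterService` is never seen to refuse a request. A second stub whose override is `return false;`, with an assertion on the refused response, would cover the denial branch; `ClusterService` and `BaseServiceTest` are outside this diff, so the expected status is not visible here. `TestClusters` also extends `ClustersImpl` and is built with `new`, which leaves the injected fields of the parent unset, so a one-line comment such as `// stub only: injected fields of ClustersImpl are not initialised` would warn against calling anything but the override.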

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
index 681119c..864fc14 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
@@ -117,9 +117,13 @@ public class ClusterPrivilegeResourceProviderTest {
     expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
     expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
 
+    expect(permissionDAO.findById(2)).andReturn(permissionEntity);
+    expect(permissionDAO.findById(3)).andReturn(permissionEntity);
+
     replay(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO, privilegeEntity,
         clusterEntity, resourceEntity, userEntity, principalEntity, permissionEntity, principalTypeEntity);
 
+
     PrivilegeResourceProvider provider = new ClusterPrivilegeResourceProvider();
     Set<Resource> resources = provider.getResources(PropertyHelper.getReadRequest(), null);
 
@@ -133,20 +137,31 @@ public class ClusterPrivilegeResourceProviderTest {
 
     verify(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO, privilegeEntity,
         resourceEntity, clusterEntity, userEntity, principalEntity, permissionEntity, principalTypeEntity);
+    reset(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, clusterDAO);
   }
 
   @Test
   public void testUpdateResources() throws Exception {
-    PrivilegeResourceProvider provider = new ClusterPrivilegeResourceProvider();
 
+    PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class);
     Request request = createNiceMock(Request.class);
 
+    expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.OPERATE").anyTimes();
+    expect(permissionDAO.findById(2)).andReturn(permissionEntity);
+    expect(permissionDAO.findById(3)).andReturn(permissionEntity);
+
+    replay(permissionDAO, permissionEntity, request);
+
+    PrivilegeResourceProvider provider = new ClusterPrivilegeResourceProvider();
     try {
       provider.updateResources(request, null);
       Assert.fail("expected UnsupportedOperationException");
     } catch (UnsupportedOperationException e) {
       // expected
     }
+
+    verify(permissionDAO, permissionEntity, request);
+    reset(permissionDAO);
   }
 }
 
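Review bot: The `reset(...)` calls added at the end of the first test and of `testUpdateResources` run only when the test body succeeds, so a failed assertion or `verify` leaves the mocks in replay state for the next test. `permissionDAO` and the other DAOs are not declared in the hunk and look like shared fixtures, probably static fields. Moving the reset into an `@Before` or `@After` method would make the cleanup unconditional.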

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
index e443bc6..7d51184 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterResourceProviderTest.java
@@ -71,6 +71,7 @@ import org.apache.ambari.server.orm.entities.BlueprintEntity;
 import org.apache.ambari.server.orm.entities.HostGroupComponentEntity;
 import org.apache.ambari.server.orm.entities.HostGroupConfigEntity;
 import org.apache.ambari.server.orm.entities.HostGroupEntity;
+import org.apache.ambari.server.state.Clusters;
 import org.apache.ambari.server.state.ConfigHelper;
 import org.apache.ambari.server.state.DependencyInfo;
 import org.apache.ambari.server.state.PropertyInfo;
@@ -2535,6 +2536,7 @@ public class ClusterResourceProviderTest {
     Resource.Type type = Resource.Type.Cluster;
 
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Clusters clusters = createMock(Clusters.class);
 
     Set<ClusterResponse> allResponse = new HashSet<ClusterResponse>();
     allResponse.add(new ClusterResponse(100L, "Cluster100", State.INSTALLED, null, null, null, null));
@@ -2550,12 +2552,22 @@ public class ClusterResourceProviderTest {
     idResponse.add(new ClusterResponse(103L, "Cluster103", State.INSTALLED, null, null, null, null));
 
     // set expectations
-    expect(managementController.getClusters(EasyMock.<Set<ClusterRequest>>anyObject())).andReturn(allResponse).once();
-    expect(managementController.getClusters(EasyMock.<Set<ClusterRequest>>anyObject())).andReturn(nameResponse).once();
-    expect(managementController.getClusters(EasyMock.<Set<ClusterRequest>>anyObject())).andReturn(idResponse).once();
+    Capture<Set<ClusterRequest>> captureClusterRequests = new Capture<Set<ClusterRequest>>();
+
+    expect(managementController.getClusters(capture(captureClusterRequests))).andReturn(allResponse).once();
+    expect(managementController.getClusters(capture(captureClusterRequests))).andReturn(nameResponse).once();
+    expect(managementController.getClusters(capture(captureClusterRequests))).andReturn(idResponse).once();
+
+    expect(managementController.getClusters()).andReturn(clusters).anyTimes();
+
+    expect(clusters.checkPermission("Cluster100", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster101", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster102", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster103", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster104", true)).andReturn(false).anyTimes();
 
     // replay
-    replay(managementController);
+    replay(managementController, clusters);
 
     ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
         type,
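Review bot: `captureClusterRequests` is a single `Capture` shared by all three `getClusters(...)` expectations, so by default it keeps only the last captured set, and nothing in the visible hunks reads it. Either assert on the captured requests after each `getResources` call, with one `Capture` per expectation, or keep the original `EasyMock.<Set<ClusterRequest>>anyObject()` matcher. The test method continues outside the hunk, so a read of the capture may exist there.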
@@ -2574,7 +2586,7 @@ public class ClusterResourceProviderTest {
     // get all ... no predicate
     Set<Resource> resources = provider.getResources(request, null);
 
-    Assert.assertEquals(5, resources.size());
+    Assert.assertEquals(4, resources.size());
     for (Resource resource : resources) {
       Long id = (Long) resource.getPropertyValue(ClusterResourceProvider.CLUSTER_ID_PROPERTY_ID);
       String name = (String) resource.getPropertyValue(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID);
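Review bot: The expected size of `4` shows that one cluster was filtered out, but the count alone does not show that it was the denied one. An explicit check in the loop, for example `Assert.assertFalse("Cluster104".equals(name));`, would tie the assertion to the `checkPermission("Cluster104", true)` expectation that returns `false`. The loop body continues outside the hunk and may already compare names.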
@@ -2605,13 +2617,15 @@ public class ClusterResourceProviderTest {
         getPropertyValue(ClusterResourceProvider.CLUSTER_NAME_PROPERTY_ID));
 
     // verify
-    verify(managementController);
+    verify(managementController, clusters);
   }
 
   @Test
   public void testUpdateResources() throws Exception{
     Resource.Type type = Resource.Type.Cluster;
 
+    Clusters clusters = createMock(Clusters.class);
+
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
     RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
 
@@ -2633,8 +2647,16 @@ public class ClusterResourceProviderTest {
 
     expect(managementController.getClusterUpdateResults(anyObject(ClusterRequest.class))).andReturn(null).anyTimes();
 
+    expect(managementController.getClusters()).andReturn(clusters).anyTimes();
+
+    expect(clusters.checkPermission("Cluster102", false)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster102", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster103", false)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster103", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission(null, false)).andReturn(true).anyTimes();
+
     // replay
-    replay(managementController, response);
+    replay(managementController, response, clusters);
 
     ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
         type,
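Review bot: Every `clusters.checkPermission(...)` expectation added here ends in `.andReturn(true).anyTimes()`, which EasyMock satisfies with zero calls, so `verify(managementController, response, clusters)` still passes if the provider never consults the permission check on update. The hunks at `@@ -2691,9 +2714,13 @@` (testUpdateWithConfiguration) and `@@ -2759,8 +2787,13 @@` (the delete test) have the same shape. Using `.atLeastOnce()` on the write-mode checks, for example `expect(clusters.checkPermission("Cluster102", false)).andReturn(true).atLeastOnce();`, and adding one case where the mock returns `false`, would make these tests assert the authorization step. The `checkPermission(null, false)` expectation also needs a comment explaining why a null cluster name is expected and why it is granted.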
@@ -2671,12 +2693,13 @@ public class ClusterResourceProviderTest {
     Assert.assertEquals(predicate, lastEvent.getPredicate());
 
     // verify
-    verify(managementController, response);
+    verify(managementController, response, clusters);
   }
 
   @Test
   public void testUpdateWithConfiguration() throws Exception {
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Clusters clusters = createMock(Clusters.class);
     RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
 
     Set<ClusterResponse> nameResponse = new HashSet<ClusterResponse>();
@@ -2691,9 +2714,13 @@ public class ClusterResourceProviderTest {
         eq(mapRequestProps))).andReturn(response).times(1);
     expect(managementController.getClusterUpdateResults(anyObject(ClusterRequest.class))).andReturn(null).anyTimes();
 
+    expect(managementController.getClusters()).andReturn(clusters).anyTimes();
+
+    expect(clusters.checkPermission("Cluster100", true)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission("Cluster100", false)).andReturn(true).anyTimes();
 
     // replay
-    replay(managementController, response);
+    replay(managementController, response, clusters);
 
     Map<String, Object> properties = new LinkedHashMap<String, Object>();
 
@@ -2743,7 +2770,7 @@ public class ClusterResourceProviderTest {
     Assert.assertEquals(predicate, lastEvent.getPredicate());
 
     // verify
-    verify(managementController, response);
+    verify(managementController, response, clusters);
   }
 
   @Test
@@ -2751,6 +2778,7 @@ public class ClusterResourceProviderTest {
     Resource.Type type = Resource.Type.Cluster;
 
     AmbariManagementController managementController = createMock(AmbariManagementController.class);
+    Clusters clusters = createMock(Clusters.class);
     RequestStatusResponse response = createNiceMock(RequestStatusResponse.class);
 
     // set expectations
@@ -2759,8 +2787,13 @@ public class ClusterResourceProviderTest {
     managementController.deleteCluster(
         AbstractResourceProviderTest.Matcher.getClusterRequest(103L, null, null, null));
 
+    expect(managementController.getClusters()).andReturn(clusters).anyTimes();
+
+    expect(clusters.checkPermission("Cluster102", false)).andReturn(true).anyTimes();
+    expect(clusters.checkPermission(null, false)).andReturn(true).anyTimes();
+
     // replay
-    replay(managementController, response);
+    replay(managementController, response, clusters);
 
     ResourceProvider provider = AbstractControllerResourceProvider.getResourceProvider(
         type,
@@ -2790,7 +2823,7 @@ public class ClusterResourceProviderTest {
     Assert.assertNull(lastEvent.getRequest());
 
     // verify
-    verify(managementController, response);
+    verify(managementController, response, clusters);
   }
 
   private class TestClusterResourceProvider extends ClusterResourceProvider {

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
index 918b19c..d61a0b6 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
@@ -129,6 +129,8 @@ public class ViewPrivilegeResourceProviderTest {
     expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
     expect(principalTypeEntity.getName()).andReturn("USER").anyTimes();
 
+    expect(permissionDAO.findById(PermissionEntity.VIEW_USE_PERMISSION)).andReturn(permissionEntity);
+
     expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
     expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/ViewInstanceEntityTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/ViewInstanceEntityTest.java b/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/ViewInstanceEntityTest.java
index c93465a..d943431 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/ViewInstanceEntityTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/orm/entities/ViewInstanceEntityTest.java
@@ -20,6 +20,7 @@ package org.apache.ambari.server.orm.entities;
 
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.spi.Resource;
+import org.apache.ambari.server.security.SecurityHelper;
 import org.apache.ambari.server.view.ViewRegistryTest;
 import org.apache.ambari.server.view.configuration.InstanceConfig;
 import org.apache.ambari.server.view.configuration.InstanceConfigTest;
@@ -28,7 +29,10 @@ import org.apache.ambari.server.view.configuration.ViewConfigTest;
 import org.apache.ambari.view.ResourceProvider;
 import org.junit.Assert;
 import org.junit.Test;
+import org.springframework.security.core.GrantedAuthority;
 
+import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Properties;
@@ -296,9 +300,9 @@ public class ViewInstanceEntityTest {
 
   @Test
   public void testInstanceData() throws Exception {
-    TestUserNameProvider userNameProvider = new TestUserNameProvider("user1");
+    TestSecurityHelper securityHelper = new TestSecurityHelper("user1");
 
-    ViewInstanceEntity viewInstanceDefinition = getViewInstanceEntity(userNameProvider);
+    ViewInstanceEntity viewInstanceDefinition = getViewInstanceEntity(securityHelper);
 
     viewInstanceDefinition.putInstanceData("key1", "foo");
 
@@ -329,7 +333,7 @@ public class ViewInstanceEntityTest {
     Assert.assertEquals(4, dataMap.size());
     Assert.assertFalse(dataMap.containsKey("key3"));
 
-    userNameProvider.setUser("user2");
+    securityHelper.setUser("user2");
 
     dataMap = viewInstanceDefinition.getInstanceDataMap();
     Assert.assertTrue(dataMap.isEmpty());
@@ -346,7 +350,7 @@ public class ViewInstanceEntityTest {
     Assert.assertEquals("bbb", dataMap.get("key2"));
     Assert.assertEquals("ccc", dataMap.get("key3"));
 
-    userNameProvider.setUser("user1");
+    securityHelper.setUser("user1");
 
     dataMap = viewInstanceDefinition.getInstanceDataMap();
     Assert.assertEquals(4, dataMap.size());
@@ -423,18 +427,18 @@ public class ViewInstanceEntityTest {
     }
   }
 
-  public static ViewInstanceEntity getViewInstanceEntity(ViewInstanceEntity.UserNameProvider userNameProvider)
+  public static ViewInstanceEntity getViewInstanceEntity(SecurityHelper securityHelper)
       throws Exception {
     ViewInstanceEntity viewInstanceEntity = getViewInstanceEntity();
-    viewInstanceEntity.setUserNameProvider(userNameProvider);
+    viewInstanceEntity.setSecurityHelper(securityHelper);
     return viewInstanceEntity;
   }
 
-  protected static class TestUserNameProvider extends ViewInstanceEntity.UserNameProvider {
+  protected static class TestSecurityHelper implements SecurityHelper {
 
     private String user;
 
-    public TestUserNameProvider(String user) {
+    public TestSecurityHelper(String user) {
       this.user = user;
     }
 
@@ -443,8 +447,13 @@ public class ViewInstanceEntityTest {
     }
 
     @Override
-    public String getUsername() {
+    public String getCurrentUserName() {
       return user;
     }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getCurrentAuthorities() {
+      return Collections.emptyList();
+    }
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
index caffd02..7fecffd 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
@@ -23,7 +23,12 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
 
-import org.apache.ambari.server.orm.entities.RoleEntity;
+import org.apache.ambari.server.orm.entities.PermissionEntity;
+import org.apache.ambari.server.orm.entities.PrincipalEntity;
+import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
+import org.apache.ambari.server.orm.entities.ResourceEntity;
+import org.apache.ambari.server.orm.entities.ResourceTypeEntity;
 import org.junit.Assert;
 import org.junit.Test;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -34,23 +39,60 @@ import org.springframework.security.core.context.SecurityContextHolder;
 public class AuthorizationHelperTest {
 
   @Test
-  public void testConvertRolesToAuthorities() throws Exception {
-    Collection<RoleEntity> roles = new ArrayList<RoleEntity>();
-    RoleEntity role = new RoleEntity();
-    role.setRoleName("admin");
-    roles.add(role);
-    role = new RoleEntity();
-    role.setRoleName("user");
-    roles.add(role);
+  public void testConvertPrivilegesToAuthorities() throws Exception {
+    Collection<PrivilegeEntity> privilegeEntities = new ArrayList<PrivilegeEntity>();
 
-    Collection<GrantedAuthority> authorities = new AuthorizationHelper().convertRolesToAuthorities(roles);
+    ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
+    resourceTypeEntity.setId(1);
+    resourceTypeEntity.setName("CLUSTER");
+
+    ResourceEntity resourceEntity = new ResourceEntity();
+    resourceEntity.setId(1L);
+    resourceEntity.setResourceType(resourceTypeEntity);
+
+    PrincipalTypeEntity principalTypeEntity = new PrincipalTypeEntity();
+    principalTypeEntity.setId(1);
+    principalTypeEntity.setName("USER");
+
+    PrincipalEntity principalEntity = new PrincipalEntity();
+    principalEntity.setPrincipalType(principalTypeEntity);
+    principalEntity.setId(1L);
+
+    PermissionEntity permissionEntity1 = new PermissionEntity();
+    permissionEntity1.setPermissionName("Permission1");
+    permissionEntity1.setResourceType(resourceTypeEntity);
+    permissionEntity1.setId(2);
+    permissionEntity1.setPermissionName("CLUSTER.READ");
+
+    PermissionEntity permissionEntity2 = new PermissionEntity();
+    permissionEntity2.setPermissionName("Permission1");
+    permissionEntity2.setResourceType(resourceTypeEntity);
+    permissionEntity2.setId(3);
+    permissionEntity2.setPermissionName("CLUSTER.OPERATE");
+
+    PrivilegeEntity privilegeEntity1 = new PrivilegeEntity();
+    privilegeEntity1.setId(1);
+    privilegeEntity1.setPermission(permissionEntity1);
+    privilegeEntity1.setPrincipal(principalEntity);
+    privilegeEntity1.setResource(resourceEntity);
+
+    PrivilegeEntity privilegeEntity2 = new PrivilegeEntity();
+    privilegeEntity2.setId(1);
+    privilegeEntity2.setPermission(permissionEntity2);
+    privilegeEntity2.setPrincipal(principalEntity);
+    privilegeEntity2.setResource(resourceEntity);
+
+    privilegeEntities.add(privilegeEntity1);
+    privilegeEntities.add(privilegeEntity2);
+
+    Collection<GrantedAuthority> authorities = new AuthorizationHelper().convertPrivilegesToAuthorities(privilegeEntities);
 
     assertEquals("Wrong number of authorities", 2, authorities.size());
     Iterator<GrantedAuthority> iterator = authorities.iterator();
-    assertEquals("Wrong authority name", "ADMIN", iterator.next().getAuthority());
-
+    assertEquals("Wrong authority name", "CLUSTER.READ@1", iterator.next().getAuthority());
+    assertEquals("Wrong authority name", "CLUSTER.OPERATE@1", iterator.next().getAuthority());
   }
-  
+
   @Test
   public void testAuthName() throws Exception {
     String user = AuthorizationHelper.getAuthenticatedName();
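Review bot: The last two assertions read the authorities through `iterator()` and expect `CLUSTER.READ@1` before `CLUSTER.OPERATE@1`. If `convertPrivilegesToAuthorities` returns a hash-based collection (its implementation is not visible here), that order is not guaranteed and the test can fail intermittently. Collecting the `getAuthority()` strings into a set and comparing it with the expected set removes the dependency. In the setup, `setPermissionName("Permission1")` is overwritten a few lines later on both permission entities and can be dropped. `privilegeEntity2.setId(1)` repeats the id of `privilegeEntity1`, which looks like a copy-paste slip; `privilegeEntity2.setId(2);` keeps the two distinct.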

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
index 54ec977..816f3ab 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestAmbariLdapAuthoritiesPopulator.java
@@ -18,12 +18,17 @@
 package org.apache.ambari.server.security.authorization;
 
 import org.apache.ambari.server.configuration.Configuration;
+import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrincipalDAO;
 import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
+import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.RoleDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
+import org.apache.ambari.server.orm.entities.GroupEntity;
+import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
+import org.apache.ambari.server.orm.entities.PrivilegeEntity;
 import org.apache.ambari.server.orm.entities.RoleEntity;
 import org.apache.ambari.server.orm.entities.UserEntity;
 import org.easymock.Capture;
@@ -32,8 +37,11 @@ import org.junit.Before;
 import org.junit.Test;
 import org.springframework.ldap.core.DirContextOperations;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
@@ -49,9 +57,16 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
   RoleDAO roleDAO = createMock(RoleDAO.class);
   PrincipalDAO principalDAO = createMock(PrincipalDAO.class);
   PrincipalTypeDAO principalTypeDAO = createMock(PrincipalTypeDAO.class);
+  MemberDAO memberDAO = createMock(MemberDAO.class);
+  PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
   LdapServerProperties ldapServerProperties = createMock(LdapServerProperties.class);
   DirContextOperations userData = createMock(DirContextOperations.class);
   UserEntity userEntity = createMock(UserEntity.class);
+  PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
+  PrincipalEntity groupPrincipalEntity = createMock(PrincipalEntity.class);
+  MemberEntity memberEntity = createMock(MemberEntity.class);
+  GroupEntity groupEntity = createMock(GroupEntity.class);
+  PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
 
   Set<RoleEntity> roleSetStub = new HashSet<RoleEntity>();
   String username = "user";
@@ -79,7 +94,7 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
     AmbariLdapAuthoritiesPopulator populator = createMockBuilder(AmbariLdapAuthoritiesPopulator.class)
         .addMockedMethod("createLdapUser")
         .withConstructor(
-            configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO
+            configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO, memberDAO, privilegeDAO
         ).createMock();
 
 
@@ -87,7 +102,14 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
 
     expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).atLeastOnce();
 
-    expect(userEntity.getRoleEntities()).andReturn(roleSetStub);
+    expect(userEntity.getPrincipal()).andReturn(principalEntity);
+    expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity));
+    expect(memberEntity.getGroup()).andReturn(groupEntity);
+    expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity);
+    List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
+    principalEntityList.add(principalEntity);
+    principalEntityList.add(groupPrincipalEntity);
+    expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity));
 
     populator.createLdapUser(username);
     expectLastCall();
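Review bot: The principal and privilege expectations added here are repeated in the `@@ -120,9 +142,14 @@` hunk with only `.anyTimes()` appended, so the two tests will drift apart if the lookup chain changes. A small private helper that records the `getPrincipal` / `findAllMembersByUser` / `getGroup` / `findAllByPrincipal` chain would keep them aligned. `privilegeDAO.findAllByPrincipal(principalEntityList)` is matched by list equality, so the test also fixes the order as user principal first, group principal second. If that order is not part of the contract, say so in a comment or use a looser matcher. The test body continues outside the hunk.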
@@ -111,7 +133,7 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
         .addMockedMethod("addRole")
         .addMockedMethod("removeRole")
         .withConstructor(
-            configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO
+            configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO, memberDAO, privilegeDAO
         ).createMock();
 
     expect(userData.getObjectAttribute("ambari_admin")).andReturn(Boolean.TRUE).andReturn(Boolean.FALSE);
@@ -120,9 +142,14 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
 
     expect(configuration.getLdapServerProperties()).andReturn(ldapServerProperties).atLeastOnce();
 
-
-
-    expect(userEntity.getRoleEntities()).andReturn(roleSetStub).times(2);
+    expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+    expect(memberDAO.findAllMembersByUser(userEntity)).andReturn(Collections.singletonList(memberEntity)).anyTimes();
+    expect(memberEntity.getGroup()).andReturn(groupEntity).anyTimes();
+    expect(groupEntity.getPrincipal()).andReturn(groupPrincipalEntity).anyTimes();
+    List<PrincipalEntity> principalEntityList = new LinkedList<PrincipalEntity>();
+    principalEntityList.add(principalEntity);
+    principalEntityList.add(groupPrincipalEntity);
+    expect(privilegeDAO.findAllByPrincipal(principalEntityList)).andReturn(Collections.singletonList(privilegeEntity)).anyTimes();
 
     expect(userDAO.findLdapUserByName(username)).andReturn(null).andReturn(userEntity).times(2);
 
@@ -149,7 +176,7 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
         .addMockedMethod("addRole")
         .addMockedMethod("removeRole")
         .withConstructor(
-            configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO
+            configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO, memberDAO, privilegeDAO
         ).createMock();
 
     Capture<UserEntity> createEntity = new Capture<UserEntity>();
@@ -190,7 +217,8 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
   @Test
   public void testAddRole() throws Exception {
     AmbariLdapAuthoritiesPopulator populator =
-        new AmbariLdapAuthoritiesPopulator(configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO);
+        new AmbariLdapAuthoritiesPopulator(configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO,
+            memberDAO, privilegeDAO);
 
     RoleEntity roleEntity = createMock(RoleEntity.class);
     Set<UserEntity> userEntities = createMock(Set.class);
@@ -243,7 +271,8 @@ public class TestAmbariLdapAuthoritiesPopulator extends EasyMockSupport {
     int userId = 123;
 
     AmbariLdapAuthoritiesPopulator populator =
-        new AmbariLdapAuthoritiesPopulator(configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO);
+        new AmbariLdapAuthoritiesPopulator(configuration, helper, userDAO, roleDAO, principalDAO, principalTypeDAO,
+            memberDAO, privilegeDAO);
 
     RoleEntity roleEntity = createMock(RoleEntity.class);
     Set<UserEntity> userEntities = createMock(Set.class);

http://git-wip-us.apache.org/repos/asf/ambari/blob/da2ac577/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
index fbe1c90..5396eec 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java
@@ -24,8 +24,6 @@ import org.apache.ambari.server.controller.spi.Resource;
 import org.apache.ambari.server.controller.spi.ResourceProvider;
 import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.dao.ResourceDAO;
-import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
@@ -36,6 +34,7 @@ import org.apache.ambari.server.orm.entities.ViewEntityTest;
 import org.apache.ambari.server.orm.entities.ViewInstanceDataEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
 import org.apache.ambari.server.orm.entities.ViewInstanceEntityTest;
+import org.apache.ambari.server.security.SecurityHelper;
 import org.apache.ambari.server.view.configuration.InstanceConfig;
 import org.apache.ambari.server.view.configuration.InstanceConfigTest;
 import org.apache.ambari.server.view.configuration.PropertyConfig;
@@ -161,18 +160,10 @@ public class ViewRegistryTest {
     InputStream is = createMock(InputStream.class);
     FileOutputStream fos = createMock(FileOutputStream.class);
 
-    ResourceTypeDAO rtDAO = createMock(ResourceTypeDAO.class);
-
-    ViewRegistry.setResourceTypeDAO(rtDAO);
-
     ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
     resourceTypeEntity.setId(10);
     resourceTypeEntity.setName("MY_VIEW{1.0.0}");
 
-    ResourceDAO rDAO = createMock(ResourceDAO.class);
-
-    ViewRegistry.setResourceDAO(rDAO);
-
     ViewDAO vDAO = createMock(ViewDAO.class);
 
     ViewRegistry.setViewDAO(vDAO);
@@ -261,7 +252,7 @@ public class ViewRegistryTest {
 
     // replay mocks
     replay(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir,
-        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO, rtDAO, rDAO);
+        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
     registry.setHelper(new TestViewRegistryHelper(viewConfigs, files, outputStreams, jarFiles));
@@ -273,7 +264,7 @@ public class ViewRegistryTest {
 
     // verify mocks
     verify(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir,
-        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO, rtDAO, rDAO);
+        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO);
   }
 
   @Test
@@ -294,18 +285,10 @@ public class ViewRegistryTest {
     InputStream is = createMock(InputStream.class);
     FileOutputStream fos = createMock(FileOutputStream.class);
 
-    ResourceTypeDAO rtDAO = createMock(ResourceTypeDAO.class);
-
-    ViewRegistry.setResourceTypeDAO(rtDAO);
-
     ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity();
     resourceTypeEntity.setId(10);
     resourceTypeEntity.setName("MY_VIEW{1.0.0}");
 
-    ResourceDAO rDAO = createMock(ResourceDAO.class);
-
-    ViewRegistry.setResourceDAO(rDAO);
-
     ViewDAO vDAO = createMock(ViewDAO.class);
 
     ViewRegistry.setViewDAO(vDAO);
@@ -392,11 +375,9 @@ public class ViewRegistryTest {
 
     expect(vDAO.findAll()).andReturn(Collections.<ViewEntity>emptyList());
 
-    Capture<ResourceEntity> resourceEntityCapture = new Capture<ResourceEntity>();
-
     // replay mocks
     replay(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir,
-        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO, rtDAO, rDAO);
+        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO);
 
     ViewRegistry registry = ViewRegistry.getInstance();
     registry.setHelper(new TestViewRegistryHelper(viewConfigs, files, outputStreams, jarFiles));
@@ -407,7 +388,7 @@ public class ViewRegistryTest {
 
     // verify mocks
     verify(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir,
-        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO, rtDAO, rDAO);
+        libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO);
   }
 
   @Test
@@ -523,13 +504,12 @@ public class ViewRegistryTest {
 
     ViewDAO viewDAO = createNiceMock(ViewDAO.class);
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
-    ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
-    ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
     UserDAO userDAO = createNiceMock(UserDAO.class);
     MemberDAO memberDAO = createNiceMock(MemberDAO.class);
     PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -545,7 +525,7 @@ public class ViewRegistryTest {
     expect(viewInstanceDAO.merge(viewInstanceEntity)).andReturn(null);
     expect(viewInstanceDAO.findByName("MY_VIEW{1.0.0}", viewInstanceEntity.getInstanceName())).andReturn(viewInstanceEntity);
 
-    replay(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    replay(viewDAO, viewInstanceDAO, securityHelper);
 
     registry.addDefinition(viewEntity);
     registry.installViewInstance(viewInstanceEntity);
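Review bot: The updated `replay(viewDAO, viewInstanceDAO, securityHelper);` still leaves `userDAO`, `memberDAO` and `privilegeDAO` in record state, although all three are passed to `ViewRegistry.init(...)` in the preceding hunk. A call that reaches an unreplayed EasyMock mock is recorded as an expectation instead of being answered, so a later registry change that touches one of these DAOs would show up as a default return value or an unrelated `IllegalStateException` rather than a clear test failure. I would replay all of them, `replay(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);`, and list the same mocks in the matching `verify`. The same applies to the replay lines in the later hunks of this file. The test method starts outside the hunk, so this rests on the visible lines only.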
@@ -556,7 +536,7 @@ public class ViewRegistryTest {
 
     Assert.assertEquals(viewInstanceEntity, viewInstanceDefinitions.iterator().next());
 
-    verify(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    verify(viewDAO, viewInstanceDAO, securityHelper);
   }
 
   @Test
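Review bot: `verify(viewDAO, viewInstanceDAO, securityHelper);` asserts nothing about `securityHelper`, because the mock is created with `createNiceMock(SecurityHelper.class)` and no expectation on it is recorded in the visible hunks. `SecurityHelper` takes the place of the two resource DAOs in the `ViewRegistry.init` signature and presumably supplies the caller's identity to the registry, so at least one of these tests should pin how it is used. Either create it with `createMock(SecurityHelper.class)` so that an unexpected call fails the test, or record the expected call with `expect(...)` before `replay`. The verify lines in the later hunks of this file follow the same pattern.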
@@ -564,13 +544,12 @@ public class ViewRegistryTest {
 
     ViewDAO viewDAO = createNiceMock(ViewDAO.class);
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
-    ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
-    ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
     UserDAO userDAO = createNiceMock(UserDAO.class);
     MemberDAO memberDAO = createNiceMock(MemberDAO.class);
     PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -583,7 +562,7 @@ public class ViewRegistryTest {
     ViewEntity viewEntity = getViewEntity(config, ambariConfig, getClass().getClassLoader(), "");
     ViewInstanceEntity viewInstanceEntity = getViewInstanceEntity(viewEntity, config.getInstances().get(0));
 
-    replay(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    replay(viewDAO, viewInstanceDAO, securityHelper);
 
     registry.addDefinition(viewEntity);
     try {
@@ -592,7 +571,7 @@ public class ViewRegistryTest {
     } catch (IllegalStateException e) {
       // expected
     }
-    verify(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    verify(viewDAO, viewInstanceDAO, securityHelper);
   }
 
   @Test
@@ -600,13 +579,12 @@ public class ViewRegistryTest {
 
     ViewDAO viewDAO = createNiceMock(ViewDAO.class);
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
-    ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
-    ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
     UserDAO userDAO = createNiceMock(UserDAO.class);
     MemberDAO memberDAO = createNiceMock(MemberDAO.class);
     PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -620,7 +598,7 @@ public class ViewRegistryTest {
     ViewInstanceEntity viewInstanceEntity = getViewInstanceEntity(viewEntity, config.getInstances().get(0));
     viewInstanceEntity.setViewName("BOGUS_VIEW");
 
-    replay(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    replay(viewDAO, viewInstanceDAO, securityHelper);
 
     registry.addDefinition(viewEntity);
     try {
@@ -629,7 +607,7 @@ public class ViewRegistryTest {
     } catch (IllegalArgumentException e) {
       // expected
     }
-    verify(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    verify(viewDAO, viewInstanceDAO, securityHelper);
   }
 
   @Test
@@ -637,13 +615,12 @@ public class ViewRegistryTest {
 
     ViewDAO viewDAO = createNiceMock(ViewDAO.class);
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
-    ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
-    ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
     UserDAO userDAO = createNiceMock(UserDAO.class);
     MemberDAO memberDAO = createNiceMock(MemberDAO.class);
     PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -661,7 +638,7 @@ public class ViewRegistryTest {
     expect(viewInstanceDAO.merge(viewInstanceEntity)).andReturn(viewInstanceEntity);
     expect(viewInstanceDAO.findByName("MY_VIEW{1.0.0}", viewInstanceEntity.getInstanceName())).andReturn(viewInstanceEntity);
 
-    replay(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    replay(viewDAO, viewInstanceDAO, securityHelper);
 
     registry.addDefinition(viewEntity);
     registry.installViewInstance(viewInstanceEntity);
@@ -674,7 +651,7 @@ public class ViewRegistryTest {
 
     Assert.assertEquals(viewInstanceEntity, viewInstanceDefinitions.iterator().next());
 
-    verify(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    verify(viewDAO, viewInstanceDAO, securityHelper);
   }
 
   @Test
@@ -682,13 +659,12 @@ public class ViewRegistryTest {
 
     ViewDAO viewDAO = createNiceMock(ViewDAO.class);
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
-    ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
-    ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
     UserDAO userDAO = createNiceMock(UserDAO.class);
     MemberDAO memberDAO = createNiceMock(MemberDAO.class);
     PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -706,7 +682,7 @@ public class ViewRegistryTest {
     expect(viewInstanceDAO.merge(viewInstanceEntity)).andReturn(null);
     expect(viewInstanceDAO.findByName("MY_VIEW{1.0.0}", viewInstanceEntity.getInstanceName())).andReturn(viewInstanceEntity);
 
-    replay(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    replay(viewDAO, viewInstanceDAO, securityHelper);
 
     registry.addDefinition(viewEntity);
     registry.installViewInstance(viewInstanceEntity);
@@ -717,7 +693,7 @@ public class ViewRegistryTest {
     } catch (IllegalStateException e) {
       // expected
     }
-    verify(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    verify(viewDAO, viewInstanceDAO, securityHelper);
   }
 
   @Test
@@ -725,13 +701,12 @@ public class ViewRegistryTest {
 
     ViewDAO viewDAO = createNiceMock(ViewDAO.class);
     ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
-    ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class);
-    ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class);
     UserDAO userDAO = createNiceMock(UserDAO.class);
     MemberDAO memberDAO = createNiceMock(MemberDAO.class);
     PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    SecurityHelper securityHelper = createNiceMock(SecurityHelper.class);
 
-    ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO);
+    ViewRegistry.init(viewDAO, viewInstanceDAO, userDAO, memberDAO, privilegeDAO, securityHelper);
 
     ViewRegistry registry = ViewRegistry.getInstance();
 
@@ -743,12 +718,12 @@ public class ViewRegistryTest {
 
     viewInstanceDAO.removeData(dataEntity);
     expect(viewInstanceDAO.merge(viewInstanceEntity)).andReturn(viewInstanceEntity);
-    replay(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    replay(viewDAO, viewInstanceDAO, securityHelper);
 
     registry.removeInstanceData(viewInstanceEntity, "foo");
 
     Assert.assertNull(viewInstanceEntity.getInstanceData("foo"));
-    verify(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO);
+    verify(viewDAO, viewInstanceDAO, securityHelper);
   }
 
   @Before

