falcon-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From venkat...@apache.org
Subject [2/5] incubator-falcon git commit: FALCON-595 Improvements to DefaultAuthorizationProvider code. Contributed by Raghav Kumar Gautam
Date Sat, 08 Nov 2014 05:32:36 GMT
FALCON-595 Improvements to DefaultAuthorizationProvider code. Contributed by Raghav Kumar Gautam


Project: http://git-wip-us.apache.org/repos/asf/incubator-falcon/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-falcon/commit/d2a25082
Tree: http://git-wip-us.apache.org/repos/asf/incubator-falcon/tree/d2a25082
Diff: http://git-wip-us.apache.org/repos/asf/incubator-falcon/diff/d2a25082

Branch: refs/heads/master
Commit: d2a25082b85f5075eef4cd50e18efe2fce67e46b
Parents: 8190456
Author: Venkatesh Seetharam <venkatesh@apache.org>
Authored: Fri Nov 7 20:18:12 2014 -0800
Committer: Venkatesh Seetharam <venkatesh@apache.org>
Committed: Fri Nov 7 21:33:25 2014 -0800

----------------------------------------------------------------------
 CHANGES.txt                                     |  3 +++
 .../security/DefaultAuthorizationProvider.java  | 28 +++++++-------------
 2 files changed, 13 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/d2a25082/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index d6d8747..aaea457 100755
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -129,6 +129,9 @@ Trunk (Unreleased)
   OPTIMIZATIONS
 
   BUG FIXES
+   FALCON-595 Improvements to DefaultAuthorizationProvider code
+   (Raghav Kumar Gautam via Venkatesh Seetharam)
+
    FALCON-868 Rerun command incorrect in falcon CLI documentation
    (Karishma Gulati via Venkatesh Seetharam)
 

http://git-wip-us.apache.org/repos/asf/incubator-falcon/blob/d2a25082/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
index b59718c..d2d48c7 100644
--- a/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
+++ b/common/src/main/java/org/apache/falcon/security/DefaultAuthorizationProvider.java
@@ -85,9 +85,9 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
     /**
      * Super user group.
      */
-    private String superUserGroup;
-    private Set<String> adminUsers;
-    private Set<String> adminGroups;
+    private final String superUserGroup;
+    private final Set<String> adminUsers;
+    private final Set<String> adminGroups;
 
     public DefaultAuthorizationProvider() {
         superUserGroup = StartupProperties.get().getProperty(SUPER_USER_GROUP_KEY);
@@ -95,14 +95,14 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
         adminGroups = getAdminNamesFromConfig(ADMIN_GROUPS_KEY);
     }
 
-    private HashSet<String> getAdminNamesFromConfig(String key) {
-        HashSet<String> adminNames = new HashSet<String>();
+    private Set<String> getAdminNamesFromConfig(String key) {
+        Set<String> adminNames = new HashSet<String>();
         String adminNamesConfig = StartupProperties.get().getProperty(key);
         if (!StringUtils.isEmpty(adminNamesConfig)) {
             adminNames.addAll(Arrays.asList(adminNamesConfig.split(",")));
         }
 
-        return adminNames;
+        return Collections.unmodifiableSet(adminNames);
     }
 
     /**
@@ -180,8 +180,7 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
     }
 
     protected Set<String> getGroupNames(UserGroupInformation proxyUgi) {
-        HashSet<String> s = new HashSet<String>(Arrays.asList(proxyUgi.getGroupNames()));
-        return Collections.unmodifiableSet(s);
+        return new HashSet<String>(Arrays.asList(proxyUgi.getGroupNames()));
     }
 
     /**
@@ -288,16 +287,9 @@ public class DefaultAuthorizationProvider implements AuthorizationProvider
{
     }
 
     protected boolean isUserInAdminGroups(UserGroupInformation proxyUgi) {
-        Set<String> groups = getGroupNames(proxyUgi);
-        boolean isUserGroupInAdmin = false;
-        for (String group : groups) {
-            if (adminGroups.contains(group)) {
-                isUserGroupInAdmin = true;
-                break;
-            }
-        }
-
-        return isUserGroupInAdmin;
+        final Set<String> groups = getGroupNames(proxyUgi);
+        groups.retainAll(adminGroups);
+        return !groups.isEmpty();
     }
 
     protected void authorizeEntityResource(UserGroupInformation authenticatedUGI,


Mime
View raw message