This is an automated email from the ASF dual-hosted git repository.
chaow pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/iotdb.git
The following commit(s) were added to refs/heads/master by this push:
new 956165acdc [IOTDB-3175] Unable to find file when creating user with
AuthorInfo (#5867)
956165acdc is described below
commit 956165acdc54ba9c15aa2857981675e5057f392c
Author: 任宇华 <[email protected]>
AuthorDate: Fri May 13 15:34:46 2022 +0800
[IOTDB-3175] Unable to find file when creating user with AuthorInfo (#5867)
Co-authored-by: renyuhua <[email protected]>
---
.../iotdb/confignode/persistence/AuthorInfo.java | 6 +-
.../confignode/persistence/AuthorInfoTest.java | 292 +++++++++++++++++++++
.../commons/auth/role/LocalFileRoleAccessor.java | 11 +-
.../iotdb/commons/auth/user/BasicUserManager.java | 5 +
.../iotdb/commons/auth/user/IUserAccessor.java | 7 +
.../commons/auth/user/LocalFileUserAccessor.java | 12 +-
.../org/apache/iotdb/db/auth/AuthorityChecker.java | 1 -
.../apache/iotdb/db/auth}/AuthorizerManager.java | 10 +-
.../db/protocol/mqtt/BrokerAuthenticator.java | 4 +-
.../protocol/rest/filter/AuthorizationFilter.java | 4 +-
.../apache/iotdb/db/qp/executor/PlanExecutor.java | 2 +-
.../iotdb/db/query/control/SessionManager.java | 2 +-
.../db/service/thrift/impl/TSServiceImpl.java | 9 +-
.../apache/iotdb/db/auth/AuthorityCheckerTest.java | 3 +-
.../auth/authorizer/LocalFileAuthorizerTest.java | 12 +-
.../apache/iotdb/db/utils/EnvironmentUtils.java | 4 +-
16 files changed, 347 insertions(+), 37 deletions(-)
diff --git
a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
index c3941b942b..a27c81fd43 100644
---
a/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
+++
b/confignode/src/main/java/org/apache/iotdb/confignode/persistence/AuthorInfo.java
@@ -331,16 +331,16 @@ public class AuthorInfo {
}
}
- private static class AuthorInfoPersistenceHolder {
+ private static class AuthorInfoHolder {
private static final AuthorInfo INSTANCE = new AuthorInfo();
- private AuthorInfoPersistenceHolder() {
+ private AuthorInfoHolder() {
// empty constructor
}
}
public static AuthorInfo getInstance() {
- return AuthorInfo.AuthorInfoPersistenceHolder.INSTANCE;
+ return AuthorInfo.AuthorInfoHolder.INSTANCE;
}
}
diff --git
a/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
new file mode 100644
index 0000000000..eae73ac4d7
--- /dev/null
+++
b/confignode/src/test/java/org/apache/iotdb/confignode/persistence/AuthorInfoTest.java
@@ -0,0 +1,292 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.iotdb.confignode.persistence;
+
+import org.apache.iotdb.common.rpc.thrift.TSStatus;
+import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.entity.PrivilegeType;
+import org.apache.iotdb.commons.conf.IoTDBConstant;
+import org.apache.iotdb.confignode.consensus.request.ConfigRequestType;
+import org.apache.iotdb.confignode.consensus.request.auth.AuthorReq;
+import org.apache.iotdb.confignode.consensus.response.PermissionInfoResp;
+import org.apache.iotdb.confignode.rpc.thrift.TCheckUserPrivilegesReq;
+import org.apache.iotdb.rpc.TSStatusCode;
+
+import org.apache.thrift.TException;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+public class AuthorInfoTest {
+
+ private static AuthorInfo authorInfo;
+
+ @BeforeClass
+ public static void setup() {
+ authorInfo = AuthorInfo.getInstance();
+ }
+
+ @Test
+ public void permissionTest() throws TException, AuthException {
+
+ TSStatus status;
+
+ List<String> userList = new ArrayList<>();
+ userList.add("root");
+ userList.add("user0");
+ userList.add("user1");
+
+ List<String> roleList = new ArrayList<>();
+ roleList.add("role0");
+ roleList.add("role1");
+
+ AuthorReq authorReq;
+ TCheckUserPrivilegesReq checkUserPrivilegesReq;
+
+ Set<Integer> privilegeList = new HashSet<>();
+ privilegeList.add(PrivilegeType.DELETE_USER.ordinal());
+ privilegeList.add(PrivilegeType.CREATE_USER.ordinal());
+
+ Set<Integer> revokePrivilege = new HashSet<>();
+ revokePrivilege.add(PrivilegeType.DELETE_USER.ordinal());
+
+ Map<String, List<String>> permissionInfo;
+ List<String> privilege = new ArrayList<>();
+ privilege.add("root.** : CREATE_USER");
+ privilege.add("root.** : CREATE_USER");
+
+ List<String> paths = new ArrayList<>();
+ paths.add("root.ln");
+
+ cleanUserAndRole();
+
+ // create user
+ authorReq =
+ new AuthorReq(ConfigRequestType.CreateUser, "user0", "", "passwd", "",
new HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertNull(status.getMessage());
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ authorReq.setUserName("user1");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // check user privileges
+ status = authorInfo.checkUserPrivileges("user0", paths,
PrivilegeType.DELETE_USER.ordinal());
+ Assert.assertEquals(TSStatusCode.NO_PERMISSION_ERROR.getStatusCode(),
status.getCode());
+
+ // drop user
+ authorReq = new AuthorReq(ConfigRequestType.DropUser, "user1", "", "", "",
new HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // list user
+ PermissionInfoResp permissionInfoResp = authorInfo.executeListUser();
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ userList.remove("user1");
+ Assert.assertEquals(
+ userList,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER));
+
+ // create role
+ authorReq =
+ new AuthorReq(ConfigRequestType.CreateRole, "", "role0", "", "", new
HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ authorReq.setRoleName("role1");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // drop role
+ authorReq = new AuthorReq(ConfigRequestType.DropRole, "", "role1", "", "",
new HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // list role
+ permissionInfoResp = authorInfo.executeListRole();
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ roleList.remove("role1");
+ Assert.assertEquals(
+ roleList,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE));
+
+ // alter user
+ authorReq =
+ new AuthorReq(ConfigRequestType.UpdateUser, "user0", "", "", "newpwd",
new HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // grant user
+ authorReq =
+ new AuthorReq(ConfigRequestType.GrantUser, "user0", "", "", "",
privilegeList, "root.ln");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // check user privileges
+ status = authorInfo.checkUserPrivileges("user0", paths,
PrivilegeType.DELETE_USER.ordinal());
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // grant role
+ authorReq =
+ new AuthorReq(ConfigRequestType.GrantRole, "", "role0", "", "",
privilegeList, "root.ln");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // grant role to user
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.GrantRoleToUser, "user0", "role0", "", "", new
HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // revoke user
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.RevokeUser, "user0", "", "", "",
revokePrivilege, "root.ln");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // revoke role
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.RevokeRole, "", "role0", "", "",
revokePrivilege, "root.ln");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // list privileges user
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.ListUserPrivilege, "user0", "", "", "", new
HashSet<>(), "root.ln");
+ permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ Assert.assertEquals(
+ privilege,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE));
+
+ // list user privileges
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.ListUserPrivilege, "user0", "", "", "", new
HashSet<>(), "");
+ permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ Assert.assertEquals(
+ privilege,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE));
+
+ // list privileges role
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.ListRolePrivilege, "", "role0", "", "", new
HashSet<>(), "root.ln");
+ permissionInfoResp = authorInfo.executeListRolePrivileges(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ privilege.remove(0);
+ Assert.assertEquals(
+ privilege,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE));
+
+ // list role privileges
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.ListRolePrivilege, "", "role0", "", "", new
HashSet<>(), "");
+ permissionInfoResp = authorInfo.executeListRolePrivileges(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ Assert.assertEquals(
+ privilege,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE));
+
+ // list all role of user
+ authorReq =
+ new AuthorReq(ConfigRequestType.ListUserRoles, "user0", "", "", "",
new HashSet<>(), "");
+ permissionInfoResp = authorInfo.executeListUserRoles(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ roleList.remove("role1");
+ Assert.assertEquals(
+ roleList,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE));
+
+ // list all user of role
+ authorReq =
+ new AuthorReq(ConfigRequestType.ListRoleUsers, "", "role0", "", "",
new HashSet<>(), "");
+ permissionInfoResp = authorInfo.executeListRoleUsers(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ userList.remove("user1");
+ userList.remove("root");
+ Assert.assertEquals(
+ userList,
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER));
+
+ // revoke role from user
+ authorReq =
+ new AuthorReq(
+ ConfigRequestType.RevokeRoleFromUser, "user0", "role0", "", "",
new HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ // list root privileges
+ authorReq =
+ new AuthorReq(ConfigRequestType.ListUserPrivilege, "root", "", "", "",
new HashSet<>(), "");
+ permissionInfoResp = authorInfo.executeListUserPrivileges(authorReq);
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ for (int i = 0; i < PrivilegeType.values().length; i++) {
+ Assert.assertEquals(
+ PrivilegeType.values()[i].toString(),
+
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_PRIVILEGE).get(i));
+ }
+ }
+
+ private void cleanUserAndRole() throws TException, AuthException {
+ TSStatus status;
+
+ // clean user
+ AuthorReq authorReq =
+ new AuthorReq(ConfigRequestType.ListUser, "", "", "", "", new
HashSet<>(), "");
+ PermissionInfoResp permissionInfoResp = authorInfo.executeListUser();
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ List<String> allUsers =
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_USER);
+ for (String user : allUsers) {
+ if (!user.equals("root")) {
+ authorReq =
+ new AuthorReq(ConfigRequestType.DropUser, user, "", "", "", new
HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ }
+ }
+
+ // clean role
+ permissionInfoResp = authorInfo.executeListRole();
+ status = permissionInfoResp.getStatus();
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+
+ List<String> roleList =
permissionInfoResp.getPermissionInfo().get(IoTDBConstant.COLUMN_ROLE);
+ for (String roleN : roleList) {
+ authorReq = new AuthorReq(ConfigRequestType.DropRole, "", roleN, "", "",
new HashSet<>(), "");
+ status = authorInfo.authorNonQuery(authorReq);
+ Assert.assertEquals(TSStatusCode.SUCCESS_STATUS.getStatusCode(),
status.getCode());
+ }
+ }
+}
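Review bot: The revoke steps in `permissionTest` are checked only through the status code and the listed privilege strings; nothing re-runs `checkUserPrivileges` after `RevokeUser` and `RevokeRole`, so a revoke that updates the listing but still lets the check pass would go unnoticed. After the `// revoke role` block, add `status = authorInfo.checkUserPrivileges("user0", paths, PrivilegeType.DELETE_USER.ordinal());` followed by `Assert.assertEquals(TSStatusCode.NO_PERMISSION_ERROR.getStatusCode(), status.getCode());`. The test also runs against the `AuthorInfo.getInstance()` singleton and cleans up only at the start, so `user0` and `role0` remain in the store afterwards; an `@AfterClass` that calls `cleanUserAndRole()` (made static) would stop that state reaching other tests. `checkUserPrivilegesReq` and the `ListUser` request built at the top of `cleanUserAndRole` are never used and can be dropped.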
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
index abe5cec513..e39ea0cc03 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
+++
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/role/LocalFileRoleAccessor.java
@@ -84,10 +84,9 @@ public class LocalFileRoleAccessor implements IRoleAccessor {
return null;
}
}
-
- try (FileInputStream inputStream = new FileInputStream(roleProfile);
- DataInputStream dataInputStream =
- new DataInputStream(new BufferedInputStream(inputStream))) {
+ FileInputStream inputStream = new FileInputStream(roleProfile);
+ try (DataInputStream dataInputStream =
+ new DataInputStream(new BufferedInputStream(inputStream))) {
Role role = new Role();
role.setName(IOUtils.readString(dataInputStream, STRING_ENCODING,
strBufferLocal));
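Review bot: Moving `new FileInputStream(roleProfile)` out of the try-with-resources header means the stream is no longer a managed resource, and the open now happens before the `try`, so a failure there bypasses whatever `catch`/`finally` follows the block (that part is outside the hunk). If constructing the `BufferedInputStream` or `DataInputStream` wrapper failed, the file descriptor would be left open. Unless there is a reason not visible here, keep the original header: `try (FileInputStream inputStream = new FileInputStream(roleProfile); DataInputStream dataInputStream = new DataInputStream(new BufferedInputStream(inputStream))) {`. The first hunk of `LocalFileUserAccessor.java` makes the same change with `userProfile`, and the same applies there.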
@@ -115,6 +114,10 @@ public class LocalFileRoleAccessor implements
IRoleAccessor {
+ role.getName()
+ IoTDBConstant.PROFILE_SUFFIX
+ TEMP_SUFFIX);
+ File roleDir = new File(roleDirPath);
+ if (!roleDir.exists()) {
+ roleDir.mkdirs();
+ }
try (BufferedOutputStream outputStream =
new BufferedOutputStream(new FileOutputStream(roleProfile))) {
try {
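Review bot: The result of `roleDir.mkdirs()` is ignored, so when the directory cannot be created the `FileOutputStream` open below fails with a less useful file-not-found error, and the `exists()`/`mkdirs()` pair can race with a concurrent writer. Check the outcome instead, for example `if (!roleDir.mkdirs() && !roleDir.isDirectory()) { throw new IOException("role info dir " + roleDirPath + " can not be created"); }`, assuming the enclosing method (its signature is outside the hunk) already declares `IOException`. Because this directory holds role and privilege profiles, it is also worth confirming that it ends up readable and writable only by the service account rather than with whatever the process umask allows.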
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
index b931632e7b..e4e04aa62d 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
+++
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/BasicUserManager.java
@@ -27,6 +27,7 @@ import org.apache.iotdb.commons.utils.AuthUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
@@ -115,6 +116,10 @@ public abstract class BasicUserManager implements
IUserManager {
lock.writeLock(username);
try {
user = new User(username, AuthUtils.encryptPassword(password));
+ File userDirPath = new File(accessor.getDirPath());
+ if (!userDirPath.exists()) {
+ reset();
+ }
accessor.saveUser(user);
userMap.put(username, user);
return true;
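Review bot: Calling `reset()` from inside `createUser` when the user directory is missing runs a full re-initialization while `lock.writeLock(username)` is held, which is far broader than creating a directory. `reset()` is not shown in this diff; if it clears `userMap`, resets the lock table or re-creates the administrator account with its configured default password, then a deleted or unmounted directory would silently discard in-memory users and restore default admin credentials on the next user creation. Prefer creating only the directory, as the second hunk of `LocalFileRoleAccessor.java` does for roles, for example inside `accessor.saveUser`, and log a warning that the user directory was missing. The method body continues outside the hunk.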
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/IUserAccessor.java
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/IUserAccessor.java
index 0f86c59ab7..cb0cffee73 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/IUserAccessor.java
+++
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/IUserAccessor.java
@@ -61,4 +61,11 @@ public interface IUserAccessor {
/** Re-initialize this object. */
void reset();
+
+ /**
+ * get UserDirPath
+ *
+ * @return userDirPath
+ */
+ public String getDirPath();
}
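Review bot: `getDirPath()` puts a file-system detail on `IUserAccessor`, so any accessor that is not file-backed has to invent a directory; the only caller visible in this commit is the directory check in `BasicUserManager`, which could live in `LocalFileUserAccessor` instead. If the method stays, drop the redundant `public` modifier (interface methods are implicitly public, and `reset()` just above is declared without it) and make the Javadoc say what the path is, e.g. `/** Returns the directory that holds the user info files. */` above `String getDirPath();`.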
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
index 696074e3d3..01f08d4428 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
+++
b/node-commons/src/main/java/org/apache/iotdb/commons/auth/user/LocalFileUserAccessor.java
@@ -98,9 +98,9 @@ public class LocalFileUserAccessor implements IUserAccessor {
return null;
}
}
- try (FileInputStream inputStream = new FileInputStream(userProfile);
- DataInputStream dataInputStream =
- new DataInputStream(new BufferedInputStream(inputStream))) {
+ FileInputStream inputStream = new FileInputStream(userProfile);
+ try (DataInputStream dataInputStream =
+ new DataInputStream(new BufferedInputStream(inputStream))) {
User user = new User();
user.setName(IOUtils.readString(dataInputStream, STRING_ENCODING,
strBufferLocal));
user.setPassword(IOUtils.readString(dataInputStream, STRING_ENCODING,
strBufferLocal));
@@ -152,6 +152,7 @@ public class LocalFileUserAccessor implements IUserAccessor
{
+ user.getName()
+ IoTDBConstant.PROFILE_SUFFIX
+ TEMP_SUFFIX);
+
try (BufferedOutputStream outputStream =
new BufferedOutputStream(new FileOutputStream(userProfile))) {
try {
@@ -242,4 +243,9 @@ public class LocalFileUserAccessor implements IUserAccessor
{
logger.error("user info dir {} can not be created", userDirPath);
}
}
+
+ @Override
+ public String getDirPath() {
+ return userDirPath;
+ }
}
diff --git
a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
index 8c73b8542e..d2a01d1a72 100644
--- a/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorityChecker.java
@@ -20,7 +20,6 @@ package org.apache.iotdb.db.auth;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.AuthorizerManager;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.conf.CommonDescriptor;
import org.apache.iotdb.commons.path.PartialPath;
diff --git
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/AuthorizerManager.java
b/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java
similarity index 95%
rename from
node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/AuthorizerManager.java
rename to server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java
index 700cc536b5..84c79e42e9 100644
---
a/node-commons/src/main/java/org/apache/iotdb/commons/auth/authorizer/AuthorizerManager.java
+++ b/server/src/main/java/org/apache/iotdb/db/auth/AuthorizerManager.java
@@ -17,9 +17,11 @@
* under the License.
*/
-package org.apache.iotdb.commons.auth.authorizer;
+package org.apache.iotdb.db.auth;
import org.apache.iotdb.commons.auth.AuthException;
+import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
+import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
@@ -40,7 +42,7 @@ public class AuthorizerManager implements IAuthorizer {
try {
iAuthorizer = BasicAuthorizer.getInstance();
} catch (AuthException e) {
- logger.error("Authorizer uninitialized");
+ logger.error(e.getMessage());
}
}
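Review bot: `logger.error(e.getMessage())` drops the stack trace and the context the old message gave, and the constructor still carries on with `iAuthorizer` apparently left unset when `BasicAuthorizer.getInstance()` fails. Delegating calls would then fail with a `NullPointerException` rather than an `AuthException`, including the new `reset()` body in the next hunk and the login and filter call sites this commit switches to `AuthorizerManager.getInstance()`. Log with the cause, `logger.error("Authorizer uninitialized", e);`, and consider failing construction or checking for null in the delegating methods so that an uninitialized authorizer surfaces as an authentication error. The constructor starts outside the hunk.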
@@ -131,7 +133,9 @@ public class AuthorizerManager implements IAuthorizer {
}
@Override
- public void reset() throws AuthException {}
+ public void reset() throws AuthException {
+ iAuthorizer.reset();
+ }
@Override
public List<String> listAllUsers() {
diff --git
a/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java
b/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java
index 78695df0fd..58c2ce7ba0 100644
---
a/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java
+++
b/server/src/main/java/org/apache/iotdb/db/protocol/mqtt/BrokerAuthenticator.java
@@ -18,8 +18,8 @@
package org.apache.iotdb.db.protocol.mqtt;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import io.moquette.broker.security.IAuthenticator;
import org.apache.commons.lang3.StringUtils;
@@ -37,7 +37,7 @@ public class BrokerAuthenticator implements IAuthenticator {
}
try {
- IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ IAuthorizer authorizer = AuthorizerManager.getInstance();
return authorizer.login(username, new String(password));
} catch (AuthException e) {
LOG.info("meet error while logging in.", e);
diff --git
a/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
b/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
index f774c5e060..1ddeca7287 100644
---
a/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
+++
b/server/src/main/java/org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.java
@@ -17,8 +17,8 @@
package org.apache.iotdb.db.protocol.rest.filter;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.rest.IoTDBRestServiceDescriptor;
import org.apache.iotdb.db.protocol.rest.model.ExecutionStatus;
import org.apache.iotdb.rpc.TSStatusCode;
@@ -43,7 +43,7 @@ public class AuthorizationFilter implements
ContainerRequestFilter {
private static final Logger LOGGER =
LoggerFactory.getLogger(AuthorizationFilter.class);
- private final IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ private final IAuthorizer authorizer = AuthorizerManager.getInstance();
private final UserCache userCache = UserCache.getInstance();
public AuthorizationFilter() throws AuthException {}
diff --git
a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
index d44fe2dab5..b29785d369 100644
--- a/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
+++ b/server/src/main/java/org/apache/iotdb/db/qp/executor/PlanExecutor.java
@@ -20,7 +20,6 @@ package org.apache.iotdb.db.qp.executor;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.AuthorizerManager;
import org.apache.iotdb.commons.auth.entity.PathPrivilege;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.Role;
@@ -34,6 +33,7 @@ import org.apache.iotdb.commons.exception.MetadataException;
import org.apache.iotdb.commons.path.PartialPath;
import org.apache.iotdb.commons.utils.AuthUtils;
import org.apache.iotdb.db.auth.AuthorityChecker;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.engine.StorageEngine;
import org.apache.iotdb.db.engine.cache.BloomFilterCache;
diff --git
a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
index 770b6a2407..68018310d8 100644
--- a/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
+++ b/server/src/main/java/org/apache/iotdb/db/query/control/SessionManager.java
@@ -20,9 +20,9 @@ package org.apache.iotdb.db.query.control;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.AuthorizerManager;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.db.auth.AuthorityChecker;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.OperationType;
import org.apache.iotdb.db.exception.StorageEngineException;
import org.apache.iotdb.db.mpp.common.SessionInfo;
diff --git
a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
index 7c1ccdc134..a1b5317146 100644
---
a/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
+++
b/server/src/main/java/org/apache/iotdb/db/service/thrift/impl/TSServiceImpl.java
@@ -21,13 +21,13 @@ package org.apache.iotdb.db.service.thrift.impl;
import org.apache.iotdb.common.rpc.thrift.TEndPoint;
import org.apache.iotdb.common.rpc.thrift.TSStatus;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.commons.exception.IllegalPathException;
import org.apache.iotdb.commons.exception.IoTDBException;
import org.apache.iotdb.commons.exception.MetadataException;
import org.apache.iotdb.commons.path.PartialPath;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.conf.OperationType;
@@ -1034,12 +1034,7 @@ public class TSServiceImpl implements TSIEventHandler {
}
private WatermarkEncoder getWatermarkEncoder(String userName) throws
TException, AuthException {
- IAuthorizer authorizer;
- try {
- authorizer = BasicAuthorizer.getInstance();
- } catch (AuthException e) {
- throw new TException(e);
- }
+ IAuthorizer authorizer = AuthorizerManager.getInstance();
WatermarkEncoder encoder = null;
if (CONFIG.isEnableWatermark() && authorizer.isUserUseWaterMark(userName))
{
diff --git
a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
index 28a8c1b566..c27d2f5146 100644
--- a/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
+++ b/server/src/test/java/org/apache/iotdb/db/auth/AuthorityCheckerTest.java
@@ -19,7 +19,6 @@
package org.apache.iotdb.db.auth;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
import org.apache.iotdb.commons.auth.entity.PrivilegeType;
import org.apache.iotdb.commons.auth.entity.User;
@@ -45,7 +44,7 @@ public class AuthorityCheckerTest {
@Before
public void setUp() throws Exception {
EnvironmentUtils.envSetUp();
- authorizer = BasicAuthorizer.getInstance();
+ authorizer = AuthorizerManager.getInstance();
user = new User("user", "password");
}
diff --git
a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
index e111634194..cd951ccdc7 100644
---
a/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
+++
b/server/src/test/java/org/apache/iotdb/db/auth/authorizer/LocalFileAuthorizerTest.java
@@ -19,11 +19,11 @@
package org.apache.iotdb.db.auth.authorizer;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
import org.apache.iotdb.commons.auth.authorizer.IAuthorizer;
import org.apache.iotdb.commons.auth.entity.Role;
import org.apache.iotdb.commons.auth.entity.User;
import org.apache.iotdb.commons.conf.CommonDescriptor;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.utils.EnvironmentUtils;
import org.junit.After;
@@ -49,7 +49,7 @@ public class LocalFileAuthorizerTest {
@Before
public void setUp() throws Exception {
EnvironmentUtils.envSetUp();
- authorizer = BasicAuthorizer.getInstance();
+ authorizer = AuthorizerManager.getInstance();
user = new User("user", "password");
}
@@ -253,7 +253,7 @@ public class LocalFileAuthorizerTest {
@Test
public void testListUser() throws AuthException {
- IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ IAuthorizer authorizer = AuthorizerManager.getInstance();
List<String> userList = authorizer.listAllUsers();
assertEquals(1, userList.size());
assertEquals(CommonDescriptor.getInstance().getConfig().getAdminName(),
userList.get(0));
@@ -284,7 +284,7 @@ public class LocalFileAuthorizerTest {
@Test
public void testListRole() throws AuthException {
- IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ IAuthorizer authorizer = AuthorizerManager.getInstance();
List<String> roleList = authorizer.listAllRoles();
assertEquals(0, roleList.size());
@@ -314,7 +314,7 @@ public class LocalFileAuthorizerTest {
@Test
public void testReplaceAllUsers() throws AuthException {
- IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ IAuthorizer authorizer = AuthorizerManager.getInstance();
Assert.assertEquals("root", authorizer.listAllUsers().get(0));
User user = new User("user", "user");
HashMap<String, User> users = new HashMap<>();
@@ -325,7 +325,7 @@ public class LocalFileAuthorizerTest {
@Test
public void testReplaceAllRole() throws AuthException {
- IAuthorizer authorizer = BasicAuthorizer.getInstance();
+ IAuthorizer authorizer = AuthorizerManager.getInstance();
Role role = new Role("role");
HashMap<String, Role> roles = new HashMap<>();
roles.put("role", role);
diff --git
a/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
b/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
index fc21f0792e..d012c9c65e 100644
--- a/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
+++ b/server/src/test/java/org/apache/iotdb/db/utils/EnvironmentUtils.java
@@ -19,7 +19,7 @@
package org.apache.iotdb.db.utils;
import org.apache.iotdb.commons.auth.AuthException;
-import org.apache.iotdb.commons.auth.authorizer.BasicAuthorizer;
+import org.apache.iotdb.db.auth.AuthorizerManager;
import org.apache.iotdb.db.conf.IoTDBConfig;
import org.apache.iotdb.db.conf.IoTDBDescriptor;
import org.apache.iotdb.db.conf.directories.DirectoryManager;
@@ -366,7 +366,7 @@ public class EnvironmentUtils {
}
// create user and roles folder
try {
- BasicAuthorizer.getInstance().reset();
+ AuthorizerManager.getInstance().reset();
} catch (AuthException e) {
logger.error("create user and role folders failed", e);
fail(e.getMessage());