Repository: incubator-sentry Updated Branches: refs/heads/master 3d05db9b0 -> baad976f0
SENTRY-1122: Allow Solr Audit Log to Read Impersonator Info (Gregory Chanan, Reviewed by: Vamsee Yarlagadda) Project: http://git-wip-us.apache.org/repos/asf/incubator-sentry/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-sentry/commit/baad976f Tree: http://git-wip-us.apache.org/repos/asf/incubator-sentry/tree/baad976f Diff: http://git-wip-us.apache.org/repos/asf/incubator-sentry/diff/baad976f Branch: refs/heads/master Commit: baad976f0ea6d3808dc0487af0aaaba2c25a1cce Parents: 3d05db9 Author: Gregory Chanan <[email protected]> Authored: Tue Mar 8 15:47:15 2016 -0800 Committer: Gregory Chanan <[email protected]> Committed: Thu Mar 10 14:02:42 2016 -0800 ---------------------------------------------------------------------- .../SentryIndexAuthorizationSingleton.java | 24 ++++++++++++++++++-- .../org/apache/solr/sentry/SentryTestBase.java | 14 ++++++++---- 2 files changed, 32 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/baad976f/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java index c8f0560..245fe78 100644 --- a/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java +++ b/sentry-solr/solr-sentry-core/src/main/java/org/apache/solr/sentry/SentryIndexAuthorizationSingleton.java @@ -39,8 +39,20 @@ public class SentryIndexAuthorizationSingleton { private static Logger log = LoggerFactory.getLogger(SentryIndexAuthorizationSingleton.class); + /** + * Java system property for specifying location of sentry-site.xml + */ public static final String propertyName = "solr.authorization.sentry.site"; - private static final String USER_NAME = "solr.user.name"; + + /** + * {@link HttpServletRequest} attribute for requesting user name + */ + public static final String USER_NAME = "solr.user.name"; + + /** + * {@link HttpServletRequest} attribute for requesting do as user. + */ + public static final String DO_AS_USER_NAME = "solr.do.as.user.name"; private static final SentryIndexAuthorizationSingleton INSTANCE = new SentryIndexAuthorizationSingleton(System.getProperty(propertyName)); @@ -126,7 +138,7 @@ public class SentryIndexAuthorizationSingleton { Subject userName = new Subject(getUserName(req)); long eventTime = req.getStartTime(); String paramString = req.getParamString(); - String impersonator = null; // FIXME + String impersonator = getImpersonatorName(req); String ipAddress = null; HttpServletRequest sreq = (HttpServletRequest) req.getContext().get("httpRequest"); @@ -219,6 +231,14 @@ public class SentryIndexAuthorizationSingleton { superUser:(String)httpServletRequest.getAttribute(USER_NAME); } + private String getImpersonatorName(SolrQueryRequest req) { + HttpServletRequest httpServletRequest = (HttpServletRequest)req.getContext().get("httpRequest"); + if (httpServletRequest != null) { + return (String)httpServletRequest.getAttribute(DO_AS_USER_NAME); + } + return null; + } + /** * Attempt to notify the Sentry service when deleting collection happened * @param collection http://git-wip-us.apache.org/repos/asf/incubator-sentry/blob/baad976f/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java ---------------------------------------------------------------------- diff --git a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java index fc13728..e1a1ba8 100644 --- a/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java +++ b/sentry-solr/solr-sentry-handlers/src/test/java/org/apache/solr/sentry/SentryTestBase.java @@ -36,13 +36,14 @@ import java.lang.reflect.Field; import org.junit.Assert; +import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.USER_NAME; +import static org.apache.solr.sentry.SentryIndexAuthorizationSingleton.DO_AS_USER_NAME; + /** * Base class for Sentry tests */ public abstract class SentryTestBase extends SolrTestCaseJ4 { - private static final String USER_NAME = "solr.user.name"; - private SolrQueryRequest request; public void setUp(SolrCore core) throws Exception { @@ -95,10 +96,15 @@ public abstract class SentryTestBase extends SolrTestCaseJ4 { cloudDescField.set(coreDescriptor, mCloudDescriptor); HttpServletRequest httpServletRequest = EasyMock.createMock(HttpServletRequest.class); - IExpectationSetters getAttributeExpect = + IExpectationSetters getAttributeUserExpect = EasyMock.expect(httpServletRequest.getAttribute(USER_NAME)).andReturn(user); if (!onlyOnce) { - getAttributeExpect.anyTimes(); + getAttributeUserExpect.anyTimes(); + } + IExpectationSetters getAttributeDoAsUserExpect = + EasyMock.expect(httpServletRequest.getAttribute(DO_AS_USER_NAME)).andReturn(null); + if (!onlyOnce) { + getAttributeDoAsUserExpect.anyTimes(); } EasyMock.replay(httpServletRequest); request.getContext().put("httpRequest", httpServletRequest);
