Github user revans2 commented on a diff in the pull request: https://github.com/apache/storm/pull/2752#discussion_r200418105 --- Diff: storm-core/src/jvm/org/apache/storm/ui/filters/AuthorizedUserFilter.java --- @@ -0,0 +1,162 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.storm.ui.filters; + +import java.io.IOException; +import java.net.InetAddress; +import java.security.Principal; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.StringJoiner; +import javax.ws.rs.container.ContainerRequestContext; +import javax.ws.rs.container.ContainerRequestFilter; +import javax.ws.rs.container.ResourceInfo; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.PathSegment; +import javax.ws.rs.ext.Provider; + +import org.apache.storm.DaemonConfig; +import org.apache.storm.daemon.StormCommon; +import org.apache.storm.generated.AuthorizationException; +import org.apache.storm.security.auth.IAuthorizer; +import org.apache.storm.security.auth.ReqContext; +import org.apache.storm.thrift.TException; +import org.apache.storm.utils.NimbusClient; +import org.apache.storm.utils.Utils; +import org.json.simple.JSONValue; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +@Provider +public class AuthorizedUserFilter implements ContainerRequestFilter { + + public static final Logger LOG = LoggerFactory.getLogger(AuthorizedUserFilter.class); + public static Map<String, Object> conf = Utils.readStormConfig(); + public static IAuthorizer uiImpersonationHandler; + public static IAuthorizer uiAclHandler; + + public static Map<String, String> resourceMethodToNimbusOps = new HashMap(); + + @Context private ResourceInfo resourceInfo; + + static { + resourceMethodToNimbusOps.put("getClusterSummary", "getClusterInfo"); + resourceMethodToNimbusOps.put("getNimbusSummary", "getClusterInfo"); + resourceMethodToNimbusOps.put("getOwnerResources", "getOwnerResourceSummaries"); + resourceMethodToNimbusOps.put("getOwnerResource", "getOwnerResourceSummaries"); + resourceMethodToNimbusOps.put("getSupervisorSummary", "getClusterInfo"); + resourceMethodToNimbusOps.put("getSupervisor", "getSupervisorPageInfo"); + resourceMethodToNimbusOps.put("getTopologySummary", "getClusterInfo"); + resourceMethodToNimbusOps.put("getTopology", "getTopology"); + resourceMethodToNimbusOps.put("getTopologyMetrics", "getTopology"); + resourceMethodToNimbusOps.put("getTopologyVisializationInit", "getTopology"); + resourceMethodToNimbusOps.put("getTopologyVisualization", "getTopology"); + resourceMethodToNimbusOps.put("getTopologyLogconfig", "getTopology"); + resourceMethodToNimbusOps.put("putTopologyLogconfig", "setLogConfig"); + resourceMethodToNimbusOps.put("putTopologyActivate", "activate"); + resourceMethodToNimbusOps.put("putTopologyDeactivate", "deactivate"); + resourceMethodToNimbusOps.put("putTopologyDebugActionSpct", "debug"); + resourceMethodToNimbusOps.put("putTopologyComponentDebugActionSpct", "debug"); + resourceMethodToNimbusOps.put("putTopologyRebalance", "rebalance"); + resourceMethodToNimbusOps.put("putTopologyKill", "killTopology"); + resourceMethodToNimbusOps.put("getTopologyProfilingStart", "setWorkerProfiler"); + resourceMethodToNimbusOps.put("getTopologyProfilingStop", "setWorkerProfiler"); + resourceMethodToNimbusOps.put("getTopologyProfilingDumpProfile", "setWorkerProfiler"); + resourceMethodToNimbusOps.put("getTopologyProfilingRestartWorker", "setWorkerProfiler"); + resourceMethodToNimbusOps.put("getTopologyProfilingDumpheap", "setWorkerProfiler"); --- End diff -- Could we add in a custom annotation to the APIs instead of having a separate map here that is highly coupled to the code in a different file?
---