Github user revans2 commented on a diff in the pull request:

    https://github.com/apache/storm/pull/2752#discussion_r206238030
  
    --- Diff: 
storm-webapp/src/main/java/org/apache/storm/daemon/ui/filters/AuthorizedUserFilter.java
 ---
    @@ -0,0 +1,130 @@
    +/*
    + * Licensed to the Apache Software Foundation (ASF) under one
    + * or more contributor license agreements.  See the NOTICE file
    + * distributed with this work for additional information
    + * regarding copyright ownership.  The ASF licenses this file
    + * to you under the Apache License, Version 2.0 (the
    + * "License"); you may not use this file except in compliance
    + * with the License.  You may obtain a copy of the License at
    + *
    + * http://www.apache.org/licenses/LICENSE-2.0
    + *
    + * Unless required by applicable law or agreed to in writing, software
    + * distributed under the License is distributed on an "AS IS" BASIS,
    + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    + * See the License for the specific language governing permissions and
    + * limitations under the License.
    + */
    +
    +package org.apache.storm.daemon.ui.filters;
    +
    +import java.io.IOException;
    +import java.net.InetAddress;
    +import java.security.Principal;
    +import java.util.Map;
    +import javax.ws.rs.container.ContainerRequestContext;
    +import javax.ws.rs.container.ContainerRequestFilter;
    +import javax.ws.rs.container.ResourceInfo;
    +import javax.ws.rs.core.Context;
    +import javax.ws.rs.ext.Provider;
    +
    +import org.apache.storm.DaemonConfig;
    +import org.apache.storm.daemon.StormCommon;
    +import org.apache.storm.daemon.ui.resources.NimbusOp;
    +import org.apache.storm.security.auth.IAuthorizer;
    +import org.apache.storm.security.auth.ReqContext;
    +import org.apache.storm.thrift.TException;
    +import org.apache.storm.utils.NimbusClient;
    +import org.apache.storm.utils.Utils;
    +import org.json.simple.JSONValue;
    +import org.slf4j.Logger;
    +import org.slf4j.LoggerFactory;
    +
    +@Provider
    +public class AuthorizedUserFilter implements ContainerRequestFilter {
    +
    +    public static final Logger LOG = 
LoggerFactory.getLogger(AuthorizedUserFilter.class);
    +    public static Map<String, Object> conf = Utils.readStormConfig();
    +    public static IAuthorizer uiImpersonationHandler;
    +    public static IAuthorizer uiAclHandler;
    +
    +    @Context private ResourceInfo resourceInfo;
    +
    +    static {
    +        try {
    +            uiImpersonationHandler = StormCommon.mkAuthorizationHandler(
    +                        (String) 
conf.get(DaemonConfig.NIMBUS_IMPERSONATION_AUTHORIZER), conf);
    +            uiAclHandler = StormCommon.mkAuthorizationHandler(
    +                    (String) conf.get(DaemonConfig.NIMBUS_AUTHORIZER), 
conf);
    +        } catch (IllegalAccessException | InstantiationException | 
ClassNotFoundException e) {
    +            LOG.error("Error initializing AuthorizedUserFilter: ", e);
    +            throw new RuntimeException(e);
    +        }
    +    }
    +
    +    @Override
    +    public void filter(ContainerRequestContext containerRequestContext) 
throws IOException {
    +        NimbusOp annotation = 
resourceInfo.getResourceMethod().getAnnotation(NimbusOp.class);
    +        if (annotation == null) {
    +            return;
    +        }
    +        String op = annotation.value();
    +        if (op == null) {
    +            return;
    +        }
    +
    +        Map topoConf = null;
    +        if 
(containerRequestContext.getUriInfo().getPathParameters().containsKey("id")) {
    --- End diff --
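Review bot: The fields `conf`, `uiImpersonationHandler` and `uiAclHandler` are declared `public static` and non-final, so any code running in the UI daemon can reassign the authorizers after the static initializer has run and so replace the ACL check; unless another class is meant to set them, declare them `private static final`, for example `private static final IAuthorizer uiAclHandler;`. Separately, `filter()` returns without any check when the resource method has no `@NimbusOp`, so the filter is allow-by-default and an endpoint added later without the annotation gets no authorization from this class; that choice deserves a comment at the early return, such as `// No @NimbusOp: endpoint is intentionally exempt from Nimbus authorization`. The `op == null` test that follows is dead code, because an annotation member can never be null. The body of `filter()` continues past the end of the quoted hunk, so how the two handlers are invoked is not visible here.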
    
    It feels like a bit of magic that `?id=` is always the topology id. 
Could we have a follow-on JIRA to make it so each API can configure it, perhaps 
through the annotation?


---
