-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New authorizer #349
New authorizer #349
Conversation
# Conflicts: # src/main/java/cn/edu/tsinghua/iotdb/qp/executor/OverflowQPExecutor.java # src/test/java/cn/edu/tsinghua/iotdb/utils/EnvironmentUtils.java
private static TsfileDBConfig config = TsfileDBDescriptor.getInstance().getConfig(); | ||
private LocalFileAuthorizer() { | ||
super(new LocalFileUserManager(config.dataDir + File.separator + "users" + File.separator), | ||
new cn.edu.tsinghua.iotdb.auth.Role.LocalFileRoleManager(config.dataDir + File.separator + "roles" + File.separator)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个包名不放在上面?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
CREATE_ROLE, DELETE_ROLE, LIST_ROLE, GRANT_ROLE_PRIVILEGE, REVOKE_ROLE_PRIVILEGE; | ||
|
||
public static boolean isPathRelevant(int type) { | ||
return type <= DELETE_TIMESERIES.ordinal(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个方法具体作用?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
有些权限需要和路径绑定(数据的增删改查),因此需要提供一个路径,而有些不用(用户的增删改查)。这个方法用于判断哪些权限需要路径。
if (o == null || getClass() != o.getClass()) return false; | ||
Role role = (Role) o; | ||
return Objects.equals(name, role.name) && | ||
Objects.equals(privilegeList, role.privilegeList); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
list可以通过equal来比较相等吗?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
try { | ||
createUser(TsFileDBConstant.ADMIN_NAME, TsFileDBConstant.ADMIN_PW); | ||
} catch (AuthException e) { | ||
logger.error("Cannot create admin because {}", e.getMessage()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个地方创建失败了应该直接抛异常把。不应该在下面显示Admin initialized
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
|
||
@Override | ||
public User getUser(String username) throws AuthException { | ||
lock.readLock(username); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个username为什么要上一个锁,有别人会用它?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
是的,需要短暂阻塞对同一用户(或角色)的修改操作。
import java.util.concurrent.atomic.AtomicInteger; | ||
|
||
/** | ||
* This class represent a privilege on a specific path. If the privilege is path-free, the path will be null. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This class represents a privilege
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
public String path; | ||
|
||
/** | ||
* This field record how many times this privilege is referenced during a life cycle (from being loaded to being discarded). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This field records
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
/** | ||
* Create a user with given username and password. New users will only be granted no privileges. | ||
* | ||
* @param username is not null or empty |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
用户名可以为""这种吗?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
不行,目前要求字符长度至少为4。并且antlr不太可能解析出一个空字符串。
for(PrivilegeType privilegeType : types) { | ||
if(s.equalsIgnoreCase(privilegeType.name())) { | ||
result.add(privilegeType.ordinal()); | ||
legal = true; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里legal=true了可以break出来了把?还需要后续的判断吗?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
|
||
@Override | ||
public void reset() { | ||
new File(roleDirPath).mkdirs(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
之前不需要做一些清理工作?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
不需要,这个只是为了保证系统启动时相应目录存在,并不是进行清理。
public List<String> listAllUsers() { | ||
List<String> rtlist = accessor.listAllUsers(); | ||
rtlist.sort(null); | ||
return rtlist; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
list all user的同步性如何控制?我看底层是对文件进行查询,如果没有lock等同步机制会不会出问题。
因为前边的所有方法都有lock的控制。
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个操作不保证同步性,也就是说据此拿到的userList可能包含当前已经被删除的用户,但是它表示某一时刻(执行File.list()那一瞬间)的用户存在状态。如果需要对某用户进一步操作,需要使用者自行检查用户的存在性。
String userName = IOUtils.readString(dataInputStream, STRING_ENCODING, strBufferLocal); | ||
userList.add(userName); | ||
} | ||
user.roleList = userList; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里是读userlis还是rolelist
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
|
||
@Override | ||
public List<String> listAllUsers() { | ||
File roleDir = new File(userDirPath); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
roledir?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
已修改
} | ||
try { | ||
locks[i].writeLock().unlock(); | ||
} catch (Exception ignored) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这里所的unlock是有问题的把?只有lock的线程才有能力unlock,如果是其他现在来unlock是不会起作用的
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这个方法是测试用的,避免某些测试遗漏解锁影响其他测试。
private static TsfileDBConfig config = TsfileDBDescriptor.getInstance().getConfig(); | ||
private LocalFileAuthorizer() { | ||
super(new LocalFileUserManager(config.dataDir + File.separator + "users" + File.separator), | ||
new cn.edu.tsinghua.iotdb.auth.Role.LocalFileRoleManager(config.dataDir + File.separator + "roles" + File.separator)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
这样的import的内容有问题cn.edu.tsinghua.iotdb.auth.Role.
https://tower.im/projects/36de8571a0ff4833ae9d7f1c5c400c22/todos/0890c06f33dd46daa60fa1f97e97c28b/