/// <exception cref="System.IO.IOException"/>
private Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job VerifyAndGetJob(JobId jobID, JobACL
accessType, bool exceptionThrow)
{
Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job job = this._enclosing.appContext.GetJob
(jobID);
if (job == null && exceptionThrow)
{
throw new IOException("Unknown Job " + jobID);
}
UserGroupInformation ugi = UserGroupInformation.GetCurrentUser();
if (job != null && !job.CheckAccess(ugi, accessType))
{
throw new AccessControlException("User " + ugi.GetShortUserName() + " cannot perform operation "
+ accessType.ToString() + " on " + jobID);
}
return(job);
}
/// <summary>
/// If authorization is enabled, checks whether the user (in the callerUGI)
/// is authorized to perform the operation specified by 'jobOperation' on
/// the job by checking if the user is jobOwner or part of job ACL for the
/// specific job operation.
/// </summary>
/// <remarks>
/// If authorization is enabled, checks whether the user (in the callerUGI)
/// is authorized to perform the operation specified by 'jobOperation' on
/// the job by checking if the user is jobOwner or part of job ACL for the
/// specific job operation.
/// <ul>
/// <li>The owner of the job can do any operation on the job</li>
/// <li>For all other users/groups job-acls are checked</li>
/// </ul>
/// </remarks>
/// <param name="callerUGI"/>
/// <param name="jobOperation"/>
/// <param name="jobOwner"/>
/// <param name="jobACL"/>
public virtual bool CheckAccess(UserGroupInformation callerUGI, JobACL jobOperation
, string jobOwner, AccessControlList jobACL)
{
if (Log.IsDebugEnabled())
{
Log.Debug("checkAccess job acls, jobOwner: " + jobOwner + " jobacl: " + jobOperation
.ToString() + " user: " + callerUGI.GetShortUserName());
}
string user = callerUGI.GetShortUserName();
if (!AreACLsEnabled())
{
return(true);
}
// Allow Job-owner for any operation on the job
if (IsMRAdmin(callerUGI) || user.Equals(jobOwner) || jobACL.IsUserAllowed(callerUGI
))
{
return(true);
}
return(false);
}
/// <exception cref="System.IO.IOException"/>
private void CheckAccess(Org.Apache.Hadoop.Mapreduce.V2.App.Job.Job job, JobACL jobOperation
)
{
UserGroupInformation callerUGI;
callerUGI = UserGroupInformation.GetCurrentUser();
if (!job.CheckAccess(callerUGI, jobOperation))
{
throw new IOException(new AccessControlException("User " + callerUGI.GetShortUserName
() + " cannot perform operation " + jobOperation.ToString() + " on " + job.GetID
()));
}
}