@Override public final JobSecurityException unauthorized(final String user, final Permission permission) { final JobSecurityException result = new JobSecurityException(String.format(getLoggingLocale(), unauthorized$str(), user, permission)); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } }
/** * If app security is enabled we just do a quick check to make sure the user is part of some batch role. * Otherwise we throw a JobSecurityException immediately. */ private void batchRoleCheck() { if (authService != null) { if (!authService.isInAnyBatchRole()) { throw new JobSecurityException("Current user " + authService.getRunAsUser() + " is not authorized to perform batch operations"); } } }
@Override public final JobSecurityException unauthorized(final String user, final Permission permission) { final JobSecurityException result = new JobSecurityException(String.format(getLoggingLocale(), unauthorized$str(), user, permission)); final StackTraceElement[] st = result.getStackTrace(); result.setStackTrace(Arrays.copyOfRange(st, 1, st.length)); return result; } }
@Override public IJobExecution getJobExecution(long executionId) throws NoSuchJobExecutionException, JobSecurityException { if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { return batchKernel.getJobExecution(executionId); } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } }
@Override public JobInstance getJobInstance(long executionId) throws NoSuchJobExecutionException, JobSecurityException { if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { return this.batchKernel.getJobInstance(executionId); } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } }
@Override public IJobExecution getJobExecution(long executionId) throws NoSuchJobExecutionException, JobSecurityException { if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { return batchKernel.getJobExecution(executionId); } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } }
@Override public JobInstance getJobInstance(long executionId) throws NoSuchJobExecutionException, JobSecurityException { if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { return this.batchKernel.getJobInstance(executionId); } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } }
@Override public Properties getParameters(long executionId) throws NoSuchJobExecutionException, JobSecurityException{ Properties props = null; JobInstance requestedJobInstance = batchKernel.getJobInstance(executionId); if (isAuthorized(requestedJobInstance.getInstanceId())) { props = persistenceService.getParameters(executionId); } else { logger.warning("getParameters: The current user is not authorized to perform this operation"); throw new JobSecurityException("The current user is not authorized to perform this operation"); } return props; }
@Override public Properties getParameters(long executionId) throws NoSuchJobExecutionException, JobSecurityException{ Properties props = null; JobInstance requestedJobInstance = batchKernel.getJobInstance(executionId); if (isAuthorized(requestedJobInstance.getInstanceId())) { props = persistenceService.getParameters(executionId); } else { logger.warning("getParameters: The current user is not authorized to perform this operation"); throw new JobSecurityException("The current user is not authorized to perform this operation"); } return props; }
@Override public List<JobExecution> getJobExecutions(JobInstance instance) throws NoSuchJobInstanceException, JobSecurityException { List<JobExecution> executions = new ArrayList<JobExecution>(); if (isAuthorized(instance.getInstanceId())) { // Mediate between one List<IJobExecution> executionImpls = persistenceService.jobOperatorGetJobExecutions(instance.getInstanceId()); if (executionImpls.size() == 0 ){ logger.warning("The current user is not authorized to perform this operation"); throw new NoSuchJobInstanceException( "Job: " + instance.getJobName() + " does not exist"); } for (IJobExecution e : executionImpls) { executions.add(e); } } else { logger.warning("The current user is not authorized to perform this operation"); throw new JobSecurityException("The current user is not authorized to perform this operation"); } return executions; }
@Override public List<JobExecution> getJobExecutions(JobInstance instance) throws NoSuchJobInstanceException, JobSecurityException { List<JobExecution> executions = new ArrayList<JobExecution>(); if (isAuthorized(instance.getInstanceId())) { // Mediate between one List<IJobExecution> executionImpls = persistenceService.jobOperatorGetJobExecutions(instance.getInstanceId()); if (executionImpls.size() == 0 ){ logger.warning("The current user is not authorized to perform this operation"); throw new NoSuchJobInstanceException( "Job: " + instance.getJobName() + " does not exist"); } for (IJobExecution e : executionImpls) { executions.add(e); } } else { logger.warning("The current user is not authorized to perform this operation"); throw new JobSecurityException("The current user is not authorized to perform this operation"); } return executions; }
@Override public void abandon(long executionId) throws NoSuchJobExecutionException, JobExecutionIsRunningException, JobSecurityException { if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { IJobExecution jobEx = persistenceService.jobOperatorGetJobExecution(executionId); // if it is not in STARTED or STARTING state, mark it as ABANDONED List<BatchStatus> runningStatusesList = Arrays.asList(new BatchStatus[] {BatchStatus.STARTED, BatchStatus.STARTING}); Set<BatchStatus> runningStatusesSet = Collections.unmodifiableSet(new HashSet<BatchStatus>(runningStatusesList)); if (!runningStatusesSet.contains(jobEx.getBatchStatus())) { // update table to reflect ABANDONED state long time = System.currentTimeMillis(); Timestamp timestamp = new Timestamp(time); persistenceService.updateBatchStatusOnly(jobEx.getExecutionId(), BatchStatus.ABANDONED, timestamp); logger.fine("Job Execution: " + executionId + " was abandoned"); // Don't forget to update JOBSTATUS table _jobStatusManagerService.updateJobBatchStatus(jobEx.getInstanceId(), BatchStatus.ABANDONED); } else { logger.warning("Job Execution: " + executionId + " is still running"); throw new JobExecutionIsRunningException("Job Execution: " + executionId + " is still running"); } } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } }
@Override public List<StepExecution> getStepExecutions(long executionId) throws NoSuchJobExecutionException, JobSecurityException { logger.entering(sourceClass, "getStepExecutions", executionId); List<StepExecution> stepExecutions = new ArrayList<StepExecution>(); IJobExecution jobEx = batchKernel.getJobExecution(executionId); if (jobEx == null){ logger.fine("Job Execution: " + executionId + " not found"); throw new NoSuchJobExecutionException("Job Execution: " + executionId + " not found"); } if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { stepExecutions = persistenceService.getStepExecutionsForJobExecution(executionId); } else { logger.warning("getStepExecutions: The current user is not authorized to perform this operation"); throw new JobSecurityException("The current user is not authorized to perform this operation"); } logger.exiting(sourceClass, "getStepExecutions", stepExecutions); return stepExecutions; }
@Override public void stop(long executionId) throws NoSuchJobExecutionException, JobExecutionNotRunningException, JobSecurityException { logger.entering(sourceClass, "stop", executionId); if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { batchKernel.stopJob(executionId); } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } logger.exiting(sourceClass, "stop"); }
@Override public List<StepExecution> getStepExecutions(long executionId) throws NoSuchJobExecutionException, JobSecurityException { logger.entering(sourceClass, "getStepExecutions", executionId); List<StepExecution> stepExecutions = new ArrayList<StepExecution>(); IJobExecution jobEx = batchKernel.getJobExecution(executionId); if (jobEx == null){ logger.fine("Job Execution: " + executionId + " not found"); throw new NoSuchJobExecutionException("Job Execution: " + executionId + " not found"); } if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { stepExecutions = persistenceService.getStepExecutionsForJobExecution(executionId); } else { logger.warning("getStepExecutions: The current user is not authorized to perform this operation"); throw new JobSecurityException("The current user is not authorized to perform this operation"); } logger.exiting(sourceClass, "getStepExecutions", stepExecutions); return stepExecutions; }
@Override public void stop(long executionId) throws NoSuchJobExecutionException, JobExecutionNotRunningException, JobSecurityException { logger.entering(sourceClass, "stop", executionId); if (isAuthorized(persistenceService.getJobInstanceIdByExecutionId(executionId))) { batchKernel.stopJob(executionId); } else { throw new JobSecurityException("The current user is not authorized to perform this operation"); } logger.exiting(sourceClass, "stop"); }
/** * {@inheritDoc} */ @Override public Set<String> getJobNames() { if (authService == null || authService.isAdmin() || authService.isMonitor()) { return persistenceManagerService.getJobNamesSet(); } else if (authService.isSubmitter()) { return persistenceManagerService.getJobNamesSet(authService.getRunAsUser()); } throw new JobSecurityException("The current user " + authService.getRunAsUser() + " is not authorized to perform any batch operations."); }
/** * {@inheritDoc} */ @Override public List<WSJobInstance> getJobInstances(IJPAQueryHelper queryHelper, int page, int pageSize) throws NoSuchJobExecutionException, JobSecurityException { if (authService == null || authService.isAdmin() || authService.isMonitor()) { return new ArrayList<WSJobInstance>(persistenceManagerService.getJobInstances(queryHelper, page, pageSize)); } else if (authService.isGroupAdmin() || authService.isGroupMonitor()) { queryHelper.setGroups(authService.getGroupsForSubject()); queryHelper.setQueryIssuer(authService.getRunAsUser()); return new ArrayList<WSJobInstance>(persistenceManagerService.getJobInstances(queryHelper, page, pageSize)); } else if (authService.isSubmitter()) { queryHelper.setQueryIssuer(authService.getRunAsUser()); return new ArrayList<WSJobInstance>(persistenceManagerService.getJobInstances(queryHelper, page, pageSize)); } throw new JobSecurityException("The current user " + batchSecurityHelper.getRunAsUser() + " is not authorized to perform any batch operations."); }
/** * {@inheritDoc} */ @Override public Set<String> getJobNames() throws JobSecurityException { batchRoleCheck(); // Check the user before bothering querying the DB if (authService == null || authService.isAdmin() || authService.isMonitor()) { // Do an unfiltered query return getPersistenceManagerService().getJobNamesSet(); } else if (authService.isSubmitter()) { return getPersistenceManagerService().getJobNamesSet(batchSecurityHelper.getRunAsUser()); } else { throw new JobSecurityException("Current user " + authService.getRunAsUser() + " is not authorized to perform batch operations"); } }
/** * {@inheritDoc} */ @Override public int getJobInstanceCount(String jobName) throws NoSuchJobException, JobSecurityException { int jobInstanceCount = 0; if (authService == null || authService.isAdmin() || authService.isMonitor()) { // Do an unfiltered query if no app security, or if the user is admin or monitor jobInstanceCount = getPersistenceManagerService().getJobInstanceCount(jobName); } else if (authService.isSubmitter()) { jobInstanceCount = getPersistenceManagerService().getJobInstanceCount(jobName, batchSecurityHelper.getRunAsUser()); } else { throw new JobSecurityException("Current user " + authService.getRunAsUser() + " is not authorized to perform batch operations"); } // Debate on mailing list if we should be reqiured to distinguish between 0 count and NoSuchJobException. if (jobInstanceCount == 0) { validateJobName(jobName); } return jobInstanceCount; }