update restful supports proxy user mode #1590

linkis-commons/linkis-module/src/main/java/org/apache/linkis/server/utils/ModuleUserUtils.java

@@ -22,7 +22,7 @@ public class ModuleUserUtils {
      * @param httpServletRequest
      * @return
      */
-    public ProxyUserEntity getProxyUserEntity(HttpServletRequest httpServletRequest) {
+    public static ProxyUserEntity getProxyUserEntity(HttpServletRequest httpServletRequest) {
         String loginUser = SecurityFilter.getLoginUsername(httpServletRequest);
         Option<String> proxyUserUsername =
                 ProxyUserSSOUtils.getProxyUserUsername(httpServletRequest);
@@ -41,7 +41,8 @@ public ProxyUserEntity getProxyUserEntity(HttpServletRequest httpServletRequest)
      * @param msg
      * @return
      */
-    public ProxyUserEntity getProxyUserEntity(HttpServletRequest httpServletRequest, String msg) {
+    public static ProxyUserEntity getProxyUserEntity(
+            HttpServletRequest httpServletRequest, String msg) {
         ProxyUserEntity proxyUserEntity = getProxyUserEntity(httpServletRequest);
         LOGGER.info(
                 "user {} proxy to {} operation {}",
@@ -51,7 +52,7 @@ public ProxyUserEntity getProxyUserEntity(HttpServletRequest httpServletRequest,
         return proxyUserEntity;
     }
 
-    public String getOperationUser(HttpServletRequest httpServletRequest) {
+    public static String getOperationUser(HttpServletRequest httpServletRequest) {
         ProxyUserEntity proxyUserEntity = getProxyUserEntity(httpServletRequest);
         if (proxyUserEntity.isProxyMode()) {
             return proxyUserEntity.getProxyUser();
@@ -67,7 +68,7 @@ public String getOperationUser(HttpServletRequest httpServletRequest) {
      * @param msg
      * @return
      */
-    public String getOperationUser(HttpServletRequest httpServletRequest, String msg) {
+    public static String getOperationUser(HttpServletRequest httpServletRequest, String msg) {
         ProxyUserEntity proxyUserEntity = getProxyUserEntity(httpServletRequest, msg);
         if (proxyUserEntity.isProxyMode()) {
             return proxyUserEntity.getProxyUser();

linkis-commons/linkis-storage/src/main/java/org/apache/linkis/storage/fs/impl/LocalFileSystem.java

@@ -180,7 +180,6 @@ public boolean canMkdir(FsPath destParentDir) throws IOException {
             }
             return true;
         }
-
     }
 
     @Override

linkis-computation-governance/linkis-entrance/src/main/java/org/apache/linkis/entrance/restful/EntranceRestfulApi.java

@@ -37,6 +37,7 @@
 import org.apache.linkis.scheduler.queue.SchedulerEventState;
 import org.apache.linkis.server.Message;
 import org.apache.linkis.server.security.SecurityFilter;
+import org.apache.linkis.server.utils.ModuleUserUtils;
 
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.StringUtils;
@@ -76,7 +77,8 @@ public void setEntranceServer(EntranceServer entranceServer) {
     public Message execute(HttpServletRequest req, @RequestBody Map<String, Object> json) {
         Message message = null;
         logger.info("Begin to get an execID");
-        json.put(TaskConstant.UMUSER, SecurityFilter.getLoginUsername(req));
+        json.put(TaskConstant.EXECUTE_USER, ModuleUserUtils.getOperationUser(req));
+        json.put(TaskConstant.SUBMIT_USER, SecurityFilter.getLoginUsername(req));
         HashMap<String, String> map = (HashMap) json.get(TaskConstant.SOURCE);
         if (map == null) {
             map = new HashMap<>();
@@ -88,6 +90,7 @@ public Message execute(HttpServletRequest req, @RequestBody Map<String, Object>
         Job job = entranceServer.getJob(jobId).get();
         JobRequest jobReq = ((EntranceJob) job).getJobRequest();
         Long jobReqId = jobReq.getId();
+        ModuleUserUtils.getOperationUser(req, "execute task,id: " + jobReqId);
         pushLog(
                 LogUtils.generateInfo(
                         "You have submitted a new job, script code (after variable substitution) is"),
@@ -126,6 +129,7 @@ public Message execute(HttpServletRequest req, @RequestBody Map<String, Object>
     public Message submit(HttpServletRequest req, @RequestBody Map<String, Object> json) {
         Message message = null;
         logger.info("Begin to get an execID");
+        json.put(TaskConstant.EXECUTE_USER, ModuleUserUtils.getOperationUser(req));
         json.put(TaskConstant.SUBMIT_USER, SecurityFilter.getLoginUsername(req));
         HashMap<String, String> map = (HashMap) json.get(TaskConstant.SOURCE);
         if (map == null) {

linkis-computation-governance/linkis-entrance/src/main/scala/org/apache/linkis/entrance/EntranceWebSocketService.scala

@@ -120,7 +120,7 @@ class EntranceWebSocketService extends ServerEventService with EntranceEventList
   def dealExecute(event:ServerEvent):Message = {
     val params = event.getData.map{case (k, v) => k -> v.asInstanceOf[Any]}  //TODO Convert to a suitable Map(转换成合适的Map)
     val websocketTag = event.getWebsocketTag
-    params.put(TaskConstant.UMUSER, event.getUser)
+    params.put(TaskConstant.EXECUTE_USER, event.getUser)
     val jobId = entranceServer.execute(params)
     jobIdToEventId synchronized jobIdToEventId.put(jobId, event.getId)
     websocketTagJobID synchronized websocketTagJobID.put(jobId, websocketTag)

linkis-computation-governance/linkis-entrance/src/main/scala/org/apache/linkis/entrance/interceptor/impl/LabelCheckInterceptor.scala

@@ -70,12 +70,7 @@ class LabelCheckInterceptor extends EntranceInterceptor {
     if (userCreatorLabelOption.isDefined) {
       val userCreator = userCreatorLabelOption.get.asInstanceOf[UserCreatorLabel]
       if (StringUtils.isNotBlank(userCreator.getUser)) {
-        val userInLabel = userCreator.getUser
-        if (userInLabel.equalsIgnoreCase(executeUser) && userInLabel.equalsIgnoreCase(submitUser)) {
         return
-        } else {
-          throw LabelCheckException(50080, s"SubmitUser : ${submitUser} must be the same as ExecuteUser : ${executeUser} , and user : ${userInLabel} in userCreatorLabel.")
-        }
       }
     }
     throw LabelCheckException(50079, "UserCreatorLabel must be need")

linkis-computation-governance/linkis-entrance/src/main/scala/org/apache/linkis/entrance/parser/CommonEntranceParser.scala

@@ -155,13 +155,13 @@ class CommonEntranceParser(val persistenceManager: PersistenceManager) extends A
 
     val jobReq = new JobRequest
     jobReq.setCreatedTime(new Date(System.currentTimeMillis))
-    val umUser = params.get(TaskConstant.UMUSER).asInstanceOf[String]
+    val umUser = params.get(TaskConstant.EXECUTE_USER).asInstanceOf[String]
     val submitUser = params.get(TaskConstant.SUBMIT_USER).asInstanceOf[String]
     jobReq.setSubmitUser(submitUser)
     if (StringUtils.isBlank(submitUser)) {
       jobReq.setSubmitUser(umUser)
     }
-    if (umUser == null) throw new EntranceIllegalParamException(20005, "umUser can not be null")
+    if (umUser == null) throw new EntranceIllegalParamException(20005, "execute user can not be null")
     jobReq.setExecuteUser(umUser)
     var executionCode = params.get(TaskConstant.EXECUTIONCODE).asInstanceOf[String]
     val _params = params.get(TaskConstant.PARAMS)

linkis-computation-governance/linkis-manager/linkis-application-manager/src/main/java/org/apache/linkis/manager/am/restful/EMRestfulApi.java

@@ -43,7 +43,7 @@
 import org.apache.linkis.manager.label.exception.LabelErrorException;
 import org.apache.linkis.manager.label.service.NodeLabelService;
 import org.apache.linkis.server.Message;
-import org.apache.linkis.server.security.SecurityFilter;
+import org.apache.linkis.server.utils.ModuleUserUtils;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.ArrayUtils;
@@ -106,7 +106,7 @@ public Message listAllEMs(
             @RequestParam(value = "nodeHealthy", required = false) String nodeHealthy,
             @RequestParam(value = "owner", required = false) String owner)
             throws AMErrorException {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "listAllEMs");
         checkAdmin(userName);
         EMNode[] allEM = emInfoService.getAllEM();
         ArrayList<EMNodeVo> allEMVo = AMUtils.copyToEMVo(allEM);
@@ -172,7 +172,7 @@ public Message listAllNodeHealthyStatus(
     @Transactional(rollbackFor = Exception.class)
     public Message modifyEMInfo(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws AMErrorException, LabelErrorException {
-        String username = SecurityFilter.getLoginUsername(req);
+        String username = ModuleUserUtils.getOperationUser(req, "modifyEMInfo");
         checkAdmin(username);
         String applicationName = jsonNode.get("applicationName").asText();
         String instance = jsonNode.get("instance").asText();
@@ -232,8 +232,9 @@ public Message modifyEMInfo(HttpServletRequest req, @RequestBody JsonNode jsonNo
     @RequestMapping(path = "/executeECMOperationByEC", method = RequestMethod.POST)
     public Message executeECMOperationByEC(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws AMErrorException {
-        String userName = SecurityFilter.getLoginUsername(req);
+
         ServiceInstance serviceInstance = EngineRestfulApi.getServiceInstance(jsonNode);
+        String userName = ModuleUserUtils.getOperationUser(req, "executeECMOperationByEC");
         logger.info(
                 "User {} try to execute ECM Operation by EngineConn {}.",
                 userName,
@@ -268,7 +269,7 @@ public Message executeECMOperationByEC(HttpServletRequest req, @RequestBody Json
     @RequestMapping(path = "/executeECMOperation", method = RequestMethod.POST)
     public Message executeECMOperation(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws AMErrorException {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "executeECMOperation");
         ServiceInstance serviceInstance = EngineRestfulApi.getServiceInstance(jsonNode);
         logger.info("User {} try to execute ECM Operation with {}.", userName, serviceInstance);
         EMNode ecmNode = this.emInfoService.getEM(serviceInstance);
@@ -294,7 +295,7 @@ public Message executeECMOperation(HttpServletRequest req, @RequestBody JsonNode
     @RequestMapping(path = "/openEngineLog", method = RequestMethod.POST)
     public Message openEngineLog(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws AMErrorException {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "openEngineLog");
         EMNode ecmNode;
         Map<String, Object> parameters;
         try {

linkis-computation-governance/linkis-manager/linkis-application-manager/src/main/java/org/apache/linkis/manager/am/restful/EngineRestfulApi.java

@@ -43,7 +43,7 @@
 import org.apache.linkis.manager.label.service.NodeLabelService;
 import org.apache.linkis.rpc.Sender;
 import org.apache.linkis.server.Message;
-import org.apache.linkis.server.security.SecurityFilter;
+import org.apache.linkis.server.utils.ModuleUserUtils;
 
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang.StringUtils;
@@ -90,7 +90,7 @@ public class EngineRestfulApi {
     @RequestMapping(path = "/createEngineConn", method = RequestMethod.POST)
     public Message createEngineConn(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws IOException, InterruptedException {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "createEngineConn");
         EngineCreateRequest engineCreateRequest =
                 objectMapper.treeToValue(jsonNode, EngineCreateRequest.class);
         engineCreateRequest.setUser(userName);
@@ -135,7 +135,7 @@ public Message createEngineConn(HttpServletRequest req, @RequestBody JsonNode js
     @RequestMapping(path = "/getEngineConn", method = RequestMethod.POST)
     public Message getEngineConn(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws AMErrorException {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "getEngineConn");
         ServiceInstance serviceInstance = getServiceInstance(jsonNode);
         EngineNode engineNode = engineCreateService.getEngineNode(serviceInstance);
         if (!userName.equals(engineNode.getOwner()) && !isAdmin(userName)) {
@@ -147,8 +147,10 @@ public Message getEngineConn(HttpServletRequest req, @RequestBody JsonNode jsonN
     @RequestMapping(path = "/killEngineConn", method = RequestMethod.POST)
     public Message killEngineConn(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws Exception {
-        String userName = SecurityFilter.getLoginUsername(req);
+
         ServiceInstance serviceInstance = getServiceInstance(jsonNode);
+        String userName =
+                ModuleUserUtils.getOperationUser(req, "killEngineConn：" + serviceInstance);
         logger.info("User {} try to kill engineConn {}.", userName, serviceInstance);
         EngineNode engineNode = engineCreateService.getEngineNode(serviceInstance);
         if (!userName.equals(engineNode.getOwner()) && !isAdmin(userName)) {
@@ -164,7 +166,7 @@ public Message killEngineConn(HttpServletRequest req, @RequestBody JsonNode json
     @RequestMapping(path = "/rm/enginekill", method = RequestMethod.POST)
     public Message killEngine(HttpServletRequest req, @RequestBody Map<String, String>[] param)
             throws Exception {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "enginekill");
         Sender sender = Sender.getSender(Sender.getThisServiceInstance());
         for (Map<String, String> engineParam : param) {
             String moduleName = engineParam.get("applicationName");
@@ -180,15 +182,15 @@ public Message killEngine(HttpServletRequest req, @RequestBody Map<String, Strin
 
     @RequestMapping(path = "/listUserEngines", method = RequestMethod.GET)
     public Message listUserEngines(HttpServletRequest req) {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "listUserEngines");
         List<EngineNode> engineNodes = engineInfoService.listUserEngines(userName);
         return Message.ok().data("engines", engineNodes);
     }
 
     @RequestMapping(path = "/listEMEngines", method = RequestMethod.POST)
     public Message listEMEngines(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws IOException, AMErrorException {
-        String username = SecurityFilter.getLoginUsername(req);
+        String username = ModuleUserUtils.getOperationUser(req, "listEMEngines");
         if (!isAdmin(username)) {
             throw new AMErrorException(
                     210003, "Only admin can search engine information(只有管理员才能查询所有引擎信息).");
@@ -265,7 +267,7 @@ public Message listEMEngines(HttpServletRequest req, @RequestBody JsonNode jsonN
     @RequestMapping(path = "/modifyEngineInfo", method = RequestMethod.PUT)
     public Message modifyEngineInfo(HttpServletRequest req, @RequestBody JsonNode jsonNode)
             throws AMErrorException, LabelErrorException {
-        String username = SecurityFilter.getLoginUsername(req);
+        String username = ModuleUserUtils.getOperationUser(req, "modifyEngineInfo");
         if (!isAdmin(username)) {
             throw new AMErrorException(
                     210003, "Only admin can modify engineConn information(只有管理员才能修改引擎信息).");
@@ -309,7 +311,7 @@ public Message listAllNodeHealthyStatus(
     @RequestMapping(path = "/executeEngineConnOperation", method = RequestMethod.POST)
     public Message executeEngineConnOperation(
             HttpServletRequest req, @RequestBody JsonNode jsonNode) throws Exception {
-        String userName = SecurityFilter.getLoginUsername(req);
+        String userName = ModuleUserUtils.getOperationUser(req, "executeEngineConnOperation");
         ServiceInstance serviceInstance = getServiceInstance(jsonNode);
         logger.info("User {} try to execute Engine Operation {}.", userName, serviceInstance);
         EngineNode engineNode = engineCreateService.getEngineNode(serviceInstance);

linkis-computation-governance/linkis-manager/linkis-resource-manager/src/main/scala/org/apache/linkis/resourcemanager/restful/RMMonitorRest.scala

@@ -44,6 +44,7 @@ import org.apache.linkis.resourcemanager.service.impl.UserResourceService
 import org.apache.linkis.resourcemanager.service.{LabelResourceService, ResourceManager}
 import org.apache.linkis.resourcemanager.utils.{RMUtils, UserConfiguration}
 import org.apache.linkis.server.security.SecurityFilter
+import org.apache.linkis.server.utils.ModuleUserUtils
 import org.apache.linkis.server.{BDPJettyServerHelper, Message}
 import org.json4s.DefaultFormats
 import org.json4s.jackson.Serialization.write
@@ -108,7 +109,7 @@ class RMMonitorRest extends Logging {
   @RequestMapping(path = Array("applicationlist"), method = Array(RequestMethod.POST))
   def getApplicationList(request: HttpServletRequest, @RequestBody param: util.Map[String, AnyRef]): Message = {
     val message = Message.ok("")
-    val userName = SecurityFilter.getLoginUsername(request)
+    val userName = ModuleUserUtils.getOperationUser(request, "applicationlist")
     val userCreator = param.get("userCreator").asInstanceOf[String]
     val engineType = if (param.get("engineType") == null) null else param.get("engineType").asInstanceOf[String]
     val nodes = getEngineNodes(userName, true)
@@ -228,7 +229,7 @@ class RMMonitorRest extends Logging {
   @RequestMapping(path = Array("userresources"), method = Array(RequestMethod.POST))
   def getUserResource(request: HttpServletRequest, @RequestBody(required = false) param: util.Map[String, AnyRef]): Message = {
     val message = Message.ok("")
-    val userName = SecurityFilter.getLoginUsername(request)
+    val userName = ModuleUserUtils.getOperationUser(request, "get userresources")
     var nodes = getEngineNodes(userName, true)
     if (nodes == null) {
       nodes = new Array[EngineNode](0)
@@ -336,7 +337,7 @@ class RMMonitorRest extends Logging {
   @RequestMapping(path = Array("engines"), method = Array(RequestMethod.POST))
   def getEngines(request: HttpServletRequest, @RequestBody(required = false) param: util.Map[String, AnyRef]): Message = {
     val message = Message.ok("")
-    val userName = SecurityFilter.getLoginUsername(request)
+    val userName = ModuleUserUtils.getOperationUser(request, "get engines")
     val nodes = getEngineNodes(userName, true)
     if(nodes == null || nodes.isEmpty) return message
     val engines = ArrayBuffer[mutable.HashMap[String, Any]]()
@@ -455,7 +456,7 @@ class RMMonitorRest extends Logging {
   @RequestMapping(path = Array("queues"), method = Array(RequestMethod.POST))
   def getQueues(request: HttpServletRequest, @RequestBody(required = false) param: util.Map[String, AnyRef]): Message = {
     val message = Message.ok()
-    val userName = SecurityFilter.getLoginUsername(request)
+    val userName = ModuleUserUtils.getOperationUser(request, "get queues")
     val clusters = new mutable.ArrayBuffer[Any]()
     val clusterInfo = new mutable.HashMap[String, Any]()
     val queues = new mutable.LinkedHashSet[String]()