[Feature] Add Support for Authorization (#285)

Author: arshadmohammad

pom.xml

@@ -33,6 +33,7 @@
     <description>Production ready big data processing product based on Apache Spark and Apache Flink.</description>
 
     <modules>
+        <module>seatunnel-web-common</module>
         <module>seatunnel-server</module>
         <module>seatunnel-datasource</module>
         <module>seatunnel-web-dist</module>

seatunnel-server/seatunnel-app/pom.xml

@@ -45,6 +45,11 @@
             <groupId>org.apache.seatunnel</groupId>
             <artifactId>seatunnel-common</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.seatunnel</groupId>
+            <artifactId>seatunnel-web-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.apache.seatunnel</groupId>
             <artifactId>seatunnel-api</artifactId>

seatunnel-server/seatunnel-app/src/main/bin/seatunnel-backend-daemon.sh

@@ -54,9 +54,14 @@ start() {
   fi
 
   echo "$WORKDIR"
+  CLASSPATH="$WORKDIR/../conf:$WORKDIR/../libs/*:$WORKDIR/../datasource/*"
+  if [ -d "$WORKDIR/../ranger-seatunnel-plugin" ]; then
+  CLASSPATH="$CLASSPATH:$WORKDIR/../ranger-seatunnel-plugin/lib/*.jar"
+  CLASSPATH="$CLASSPATH:$WORKDIR/../ranger-seatunnel-plugin/lib/ranger-seatunnel-plugin-impl/*"
+  fi
+
   nohup $JAVA_HOME/bin/java $JAVA_OPTS \
-  -cp "$WORKDIR/../conf":"$WORKDIR/../libs/*":"$WORKDIR/../datasource/*" \
-  $SPRING_OPTS \
+  -cp "$CLASSPATH" $SPRING_OPTS \
   org.apache.seatunnel.app.SeatunnelApplication >> "${LOGDIR}/seatunnel.out" 2>&1 &
   echo "seatunnel-web started"
 }

seatunnel-server/seatunnel-app/src/main/java/org/apache/seatunnel/app/adapter/SeatunnelWebAdapter.java

@@ -42,6 +42,8 @@ public class SeatunnelWebAdapter implements WebMvcConfigurer {
     public static final String LOGIN_INTERCEPTOR_PATH_PATTERN = "/**/*";
     public static final String LOGIN_PATH_PATTERN = "/seatunnel/api/v1/user/login**";
     public static final String REGISTER_PATH_PATTERN = "/users/register";
+    private static final String RESOURCE_NAME_PATH_PATTERN =
+            "/seatunnel/api/v1/resources/workspace";
 
     @Bean
     public AuthenticationInterceptor authenticationInterceptor() {
@@ -74,6 +76,7 @@ public void addInterceptors(InterceptorRegistry registry) {
                 .excludePathPatterns(
                         LOGIN_PATH_PATTERN,
                         REGISTER_PATH_PATTERN,
+                        RESOURCE_NAME_PATH_PATTERN,
                         "/swagger-resources/**",
                         "/webjars/**",
                         "/v2/**",

seatunnel-server/seatunnel-app/src/main/java/org/apache/seatunnel/app/controller/JobConfigController.java

@@ -46,7 +46,7 @@ Result<Void> updateJobConfig(
             @ApiParam(value = "jobVersionId", required = true) @PathVariable long jobVersionId,
             @ApiParam(value = "jobConfig", required = true) @RequestBody JobConfig jobConfig)
             throws JsonProcessingException {
-        jobConfigService.updateJobConfig(jobVersionId, jobConfig);
+        jobConfigService.updateJobConfig(jobVersionId, jobConfig, false);
         return Result.success();
     }
 
@@ -55,6 +55,6 @@ Result<Void> updateJobConfig(
     Result<JobConfigRes> getJobConfig(
             @ApiParam(value = "jobVersionId", required = true) @PathVariable long jobVersionId)
             throws JsonProcessingException {
-        return Result.success(jobConfigService.getJobConfig(jobVersionId));
+        return Result.success(jobConfigService.getJobConfig(jobVersionId, false));
     }
 }

seatunnel-server/seatunnel-app/src/main/java/org/apache/seatunnel/app/dal/mapper/JobLineMapper.java

@@ -27,7 +27,5 @@
 
 public interface JobLineMapper extends BaseMapper<JobLine> {
 
-    void deleteLinesByVersionId(@Param("versionId") long jobVersionId);
-
     void insertBatchLines(@Param("lines") List<JobLine> lines);
 }

seatunnel-server/seatunnel-app/src/main/java/org/apache/seatunnel/app/dal/mapper/UserMapper.java

@@ -49,4 +49,6 @@ User selectByNameAndPasswd(
             @Param("authProvider") String authProvider);
 
     List<User> queryEnabledUsers();
+
+    List<String> queryUserNames(@Param("searchName") String searchName);
 }

seatunnel-server/seatunnel-app/src/main/java/org/apache/seatunnel/app/interceptor/AuthenticationInterceptor.java

@@ -23,6 +23,7 @@
 import org.apache.seatunnel.app.dal.entity.UserLoginLog;
 import org.apache.seatunnel.app.security.JwtUtils;
 import org.apache.seatunnel.app.security.UserContext;
+import org.apache.seatunnel.common.access.AccessInfo;
 
 import org.apache.commons.lang3.StringUtils;
 
@@ -106,7 +107,12 @@ public boolean preHandle(
         UserContext userContext = new UserContext();
         userContext.setUser(user);
         userContext.setWorkspaceId(workspaceIdFromToken);
-        userContext.setWorkspaceName((String) map.get("workspaceName"));
+
+        AccessInfo accessInfo = new AccessInfo();
+        accessInfo.setUsername(user.getUsername());
+        accessInfo.setWorkspaceName((String) map.get("workspaceName"));
+        userContext.setAccessInfo(accessInfo);
+
         request.setAttribute(Constants.SESSION_USER_CONTEXT, userContext);
 
         request.setAttribute("userId", userId);

seatunnel-server/seatunnel-app/src/main/java/org/apache/seatunnel/app/permission/ISeatunnelPermissonService.java

@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.seatunnel.app.permission;
+
+import org.apache.seatunnel.common.access.SeatunnelAccessController;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class SeatunnelAccessControllerConfig {
+
+    @Value(
+            "${seatunnel-web.access-controller-class:org.apache.seatunnel.app.permission.SeatunnelAccessControllerDefaultImpl org.apache.seatunnel.app.permission.DefaultSeatunnelAccessController}")
+    private String accessControllerClassName;
+
+    @Bean
+    public SeatunnelAccessController seatunnelAccessController() {
+        try {
+            Class<?> clazz = Class.forName(accessControllerClassName);
+            return (SeatunnelAccessController) clazz.getDeclaredConstructor().newInstance();
+        } catch (Exception e) {
+            throw new IllegalStateException(
+                    "Failed to create SeatunnelAccessController instance for class: "
+                            + accessControllerClassName,
+                    e);
+        }
+    }
+}