Java 类org.apache.hadoop.mapred.AuditLogger.Constants 实例源码

项目:hadoop-2.6.0-cdh5.4.3    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:hadoop-on-lustre    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:hanoi-hadoop-2.0.0-cdh    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:mapreduce-fork    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES,
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER,
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:mammoth    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:hortonworks-extension    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:hortonworks-extension    文件:JobTracker.java   
/**
 * Rereads the config to get hosts and exclude list file names.
 * Rereads the files to update the hosts and exclude lists.
 */
public synchronized void refreshNodes() throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();
  // check access
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.REFRESH_NODES, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }

  AuditLogger.logSuccess(user, Constants.REFRESH_NODES, Constants.JOBTRACKER);
  // call the actual api
  refreshHosts();
}
项目:hadoop-on-lustre    文件:JobTracker.java   
public boolean setSafeMode(JobTracker.SafeModeAction safeModeAction) 
    throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();

  // Anyone can check JT safe-mode
  if (safeModeAction == SafeModeAction.SAFEMODE_GET) {
    boolean safeMode = this.safeMode.get();
    LOG.info("Getting safemode information: safemode=" + safeMode + ". " +
        "Requested by : " +
        UserGroupInformation.getCurrentUser().getShortUserName());
    AuditLogger.logSuccess(user, Constants.GET_SAFEMODE, 
        Constants.JOBTRACKER);
    return safeMode;
  }

  // Check access for modifications to safe-mode
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.SET_SAFEMODE, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }
  AuditLogger.logSuccess(user, Constants.SET_SAFEMODE, Constants.JOBTRACKER);

  boolean currSafeMode = setSafeModeInternal(safeModeAction);
  adminSafeMode.set(currSafeMode);
  adminSafeModeUser = user;
  return currSafeMode;
}
项目:hortonworks-extension    文件:JobTracker.java   
public boolean setSafeMode(JobTracker.SafeModeAction safeModeAction) 
    throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();

  // Anyone can check JT safe-mode
  if (safeModeAction == SafeModeAction.SAFEMODE_GET) {
    boolean safeMode = this.safeMode.get();
    LOG.info("Getting safemode information: safemode=" + safeMode + ". " +
        "Requested by : " +
        UserGroupInformation.getCurrentUser().getShortUserName());
    AuditLogger.logSuccess(user, Constants.GET_SAFEMODE, 
        Constants.JOBTRACKER);
    return safeMode;
  }

  // Check access for modifications to safe-mode
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.SET_SAFEMODE, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }
  AuditLogger.logSuccess(user, Constants.SET_SAFEMODE, Constants.JOBTRACKER);

  boolean currSafeMode = setSafeModeInternal(safeModeAction);
  adminSafeMode.set(currSafeMode);
  adminSafeModeUser = user;
  return currSafeMode;
}
项目:hortonworks-extension    文件:JobTracker.java   
public boolean setSafeMode(JobTracker.SafeModeAction safeModeAction) 
    throws IOException {
  String user = UserGroupInformation.getCurrentUser().getShortUserName();

  // Anyone can check JT safe-mode
  if (safeModeAction == SafeModeAction.SAFEMODE_GET) {
    boolean safeMode = this.safeMode.get();
    LOG.info("Getting safemode information: safemode=" + safeMode + ". " +
        "Requested by : " +
        UserGroupInformation.getCurrentUser().getShortUserName());
    AuditLogger.logSuccess(user, Constants.GET_SAFEMODE, 
        Constants.JOBTRACKER);
    return safeMode;
  }

  // Check access for modifications to safe-mode
  if (!aclsManager.isMRAdmin(UserGroupInformation.getCurrentUser())) {
    AuditLogger.logFailure(user, Constants.SET_SAFEMODE, 
        aclsManager.getAdminsAcl().toString(), Constants.JOBTRACKER, 
        Constants.UNAUTHORIZED_USER);
    throw new AccessControlException(user + 
                                     " is not authorized to refresh nodes.");
  }
  AuditLogger.logSuccess(user, Constants.SET_SAFEMODE, Constants.JOBTRACKER);

  boolean currSafeMode = setSafeModeInternal(safeModeAction);
  adminSafeMode.set(currSafeMode);
  adminSafeModeUser = user;
  return currSafeMode;
}
项目:hadoop-2.6.0-cdh5.4.3    文件:ACLsManager.java   
/**
 * Check the ACLs for a user doing the passed operation.
 * <ul>
 * <li>If ACLs are disabled, allow all users.</li>
 * <li>If the operation is not a job operation(for eg. submit-job-to-queue),
 *  then allow only (a) clusterOwner(who started the cluster), (b)cluster 
 *  administrators and (c) members of queue-submit-job-acl for the queue.</li>
 * <li>If the operation is a job operation, then allow only (a) jobOwner,
 * (b) clusterOwner(who started the cluster), (c) cluster administrators,
 * (d) members of queue admins acl for the queue and (e) members of job
 * acl for the jobOperation</li>
 * </ul>
 * 
 * callerUGI is the user who is trying to perform the operation.
 * jobAcl could be job-view-acl or job-modify-acl depending on job operation.
 */
void checkAccess(String jobId, UserGroupInformation callerUGI,
    String queue, Operation operation, String jobOwner,
    AccessControlList jobAcl) throws AccessControlException {
  if (!aclsEnabled) {
    return;
  }

  String user = callerUGI.getShortUserName();
  String targetResource = jobId + " in queue " + queue;

  // Allow mapreduce cluster admins to do any queue operation and
  // any job operation
  if (isMRAdmin(callerUGI)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  if (operation == Operation.SUBMIT_JOB) {
    // This is strictly queue operation(not a job operation)
    if (!queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI)) {
      AuditLogger.logFailure(user, operation.name(),
          queueManager.getQueueACL(queue, operation.qACLNeeded).toString(),
          targetResource, Constants.UNAUTHORIZED_USER);

      throw new AccessControlException("User "
          + callerUGI.getShortUserName() + " cannot perform "
          + "operation " + operation.name() + " on queue " + queue
          + ".\n Please run \"hadoop queue -showacls\" "
          + "command to find the queues you have access to .");
    } else {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  }

  // Check if callerUGI is queueAdmin, jobOwner or part of job-acl.
  // queueManager and queue are null only when called from
  // TaskTracker(i.e. from TaskLogServlet) for the operation VIEW_TASK_LOGS.
  // Caller of this method takes care of checking if callerUGI is a
  // queue administrator for that operation.
  if (operation == Operation.VIEW_TASK_LOGS) {
    if (jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
        jobOwner, jobAcl)) {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  } else if (queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI) ||
             jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
             jobOwner, jobAcl)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  AuditLogger.logFailure(user, operation.name(), jobAcl.toString(),
      targetResource, Constants.UNAUTHORIZED_USER);

  throw new AccessControlException("User "
      + callerUGI.getShortUserName() + " cannot perform operation "
      + operation.name() + " on " + jobId + " that is in the queue "
      + queue);
}
项目:hadoop-on-lustre    文件:ACLsManager.java   
/**
 * Check the ACLs for a user doing the passed operation.
 * <ul>
 * <li>If ACLs are disabled, allow all users.</li>
 * <li>If the operation is not a job operation(for eg. submit-job-to-queue),
 *  then allow only (a) clusterOwner(who started the cluster), (b)cluster 
 *  administrators and (c) members of queue-submit-job-acl for the queue.</li>
 * <li>If the operation is a job operation, then allow only (a) jobOwner,
 * (b) clusterOwner(who started the cluster), (c) cluster administrators,
 * (d) members of queue admins acl for the queue and (e) members of job
 * acl for the jobOperation</li>
 * </ul>
 * 
 * callerUGI is the user who is trying to perform the operation.
 * jobAcl could be job-view-acl or job-modify-acl depending on job operation.
 */
void checkAccess(String jobId, UserGroupInformation callerUGI,
    String queue, Operation operation, String jobOwner,
    AccessControlList jobAcl) throws AccessControlException {
  if (!aclsEnabled) {
    return;
  }

  String user = callerUGI.getShortUserName();
  String targetResource = jobId + " in queue " + queue;

  // Allow mapreduce cluster admins to do any queue operation and
  // any job operation
  if (isMRAdmin(callerUGI)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  if (operation == Operation.SUBMIT_JOB) {
    // This is strictly queue operation(not a job operation)
    if (!queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI)) {
      AuditLogger.logFailure(user, operation.name(),
          queueManager.getQueueACL(queue, operation.qACLNeeded).toString(),
          targetResource, Constants.UNAUTHORIZED_USER);

      throw new AccessControlException("User "
          + callerUGI.getShortUserName() + " cannot perform "
          + "operation " + operation.name() + " on queue " + queue
          + ".\n Please run \"hadoop queue -showacls\" "
          + "command to find the queues you have access to .");
    } else {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  }

  // Check if callerUGI is queueAdmin, jobOwner or part of job-acl.
  // queueManager and queue are null only when called from
  // TaskTracker(i.e. from TaskLogServlet) for the operation VIEW_TASK_LOGS.
  // Caller of this method takes care of checking if callerUGI is a
  // queue administrator for that operation.
  if (operation == Operation.VIEW_TASK_LOGS) {
    if (jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
        jobOwner, jobAcl)) {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  } else if (queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI) ||
             jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
             jobOwner, jobAcl)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  AuditLogger.logFailure(user, operation.name(), jobAcl.toString(),
      targetResource, Constants.UNAUTHORIZED_USER);

  throw new AccessControlException("User "
      + callerUGI.getShortUserName() + " cannot perform operation "
      + operation.name() + " on " + jobId + " that is in the queue "
      + queue);
}
项目:hanoi-hadoop-2.0.0-cdh    文件:ACLsManager.java   
/**
 * Check the ACLs for a user doing the passed operation.
 * <ul>
 * <li>If ACLs are disabled, allow all users.</li>
 * <li>If the operation is not a job operation(for eg. submit-job-to-queue),
 *  then allow only (a) clusterOwner(who started the cluster), (b)cluster 
 *  administrators and (c) members of queue-submit-job-acl for the queue.</li>
 * <li>If the operation is a job operation, then allow only (a) jobOwner,
 * (b) clusterOwner(who started the cluster), (c) cluster administrators,
 * (d) members of queue admins acl for the queue and (e) members of job
 * acl for the jobOperation</li>
 * </ul>
 * 
 * callerUGI is the user who is trying to perform the operation.
 * jobAcl could be job-view-acl or job-modify-acl depending on job operation.
 */
void checkAccess(String jobId, UserGroupInformation callerUGI,
    String queue, Operation operation, String jobOwner,
    AccessControlList jobAcl) throws AccessControlException {
  if (!aclsEnabled) {
    return;
  }

  String user = callerUGI.getShortUserName();
  String targetResource = jobId + " in queue " + queue;

  // Allow mapreduce cluster admins to do any queue operation and
  // any job operation
  if (isMRAdmin(callerUGI)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  if (operation == Operation.SUBMIT_JOB) {
    // This is strictly queue operation(not a job operation)
    if (!queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI)) {
      AuditLogger.logFailure(user, operation.name(),
          queueManager.getQueueACL(queue, operation.qACLNeeded).toString(),
          targetResource, Constants.UNAUTHORIZED_USER);

      throw new AccessControlException("User "
          + callerUGI.getShortUserName() + " cannot perform "
          + "operation " + operation.name() + " on queue " + queue
          + ".\n Please run \"hadoop queue -showacls\" "
          + "command to find the queues you have access to .");
    } else {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  }

  // Check if callerUGI is queueAdmin, jobOwner or part of job-acl.
  // queueManager and queue are null only when called from
  // TaskTracker(i.e. from TaskLogServlet) for the operation VIEW_TASK_LOGS.
  // Caller of this method takes care of checking if callerUGI is a
  // queue administrator for that operation.
  if (operation == Operation.VIEW_TASK_LOGS) {
    if (jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
        jobOwner, jobAcl)) {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  } else if (queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI) ||
             jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
             jobOwner, jobAcl)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  AuditLogger.logFailure(user, operation.name(), jobAcl.toString(),
      targetResource, Constants.UNAUTHORIZED_USER);

  throw new AccessControlException("User "
      + callerUGI.getShortUserName() + " cannot perform operation "
      + operation.name() + " on " + jobId + " that is in the queue "
      + queue);
}
项目:hortonworks-extension    文件:ACLsManager.java   
/**
 * Check the ACLs for a user doing the passed operation.
 * <ul>
 * <li>If ACLs are disabled, allow all users.</li>
 * <li>If the operation is not a job operation(for eg. submit-job-to-queue),
 *  then allow only (a) clusterOwner(who started the cluster), (b)cluster 
 *  administrators and (c) members of queue-submit-job-acl for the queue.</li>
 * <li>If the operation is a job operation, then allow only (a) jobOwner,
 * (b) clusterOwner(who started the cluster), (c) cluster administrators,
 * (d) members of queue admins acl for the queue and (e) members of job
 * acl for the jobOperation</li>
 * </ul>
 * 
 * callerUGI is the user who is trying to perform the operation.
 * jobAcl could be job-view-acl or job-modify-acl depending on job operation.
 */
void checkAccess(String jobId, UserGroupInformation callerUGI,
    String queue, Operation operation, String jobOwner,
    AccessControlList jobAcl) throws AccessControlException {
  if (!aclsEnabled) {
    return;
  }

  String user = callerUGI.getShortUserName();
  String targetResource = jobId + " in queue " + queue;

  // Allow mapreduce cluster admins to do any queue operation and
  // any job operation
  if (isMRAdmin(callerUGI)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  if (operation == Operation.SUBMIT_JOB) {
    // This is strictly queue operation(not a job operation)
    if (!queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI)) {
      AuditLogger.logFailure(user, operation.name(),
          queueManager.getQueueACL(queue, operation.qACLNeeded).toString(),
          targetResource, Constants.UNAUTHORIZED_USER);

      throw new AccessControlException("User "
          + callerUGI.getShortUserName() + " cannot perform "
          + "operation " + operation.name() + " on queue " + queue
          + ".\n Please run \"hadoop queue -showacls\" "
          + "command to find the queues you have access to .");
    } else {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  }

  // Check if callerUGI is queueAdmin, jobOwner or part of job-acl.
  // queueManager and queue are null only when called from
  // TaskTracker(i.e. from TaskLogServlet) for the operation VIEW_TASK_LOGS.
  // Caller of this method takes care of checking if callerUGI is a
  // queue administrator for that operation.
  if (operation == Operation.VIEW_TASK_LOGS) {
    if (jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
        jobOwner, jobAcl)) {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  } else if (queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI) ||
             jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
             jobOwner, jobAcl)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  AuditLogger.logFailure(user, operation.name(), jobAcl.toString(),
      targetResource, Constants.UNAUTHORIZED_USER);

  throw new AccessControlException("User "
      + callerUGI.getShortUserName() + " cannot perform operation "
      + operation.name() + " on " + jobId + " that is in the queue "
      + queue);
}
项目:hortonworks-extension    文件:ACLsManager.java   
/**
 * Check the ACLs for a user doing the passed operation.
 * <ul>
 * <li>If ACLs are disabled, allow all users.</li>
 * <li>If the operation is not a job operation(for eg. submit-job-to-queue),
 *  then allow only (a) clusterOwner(who started the cluster), (b)cluster 
 *  administrators and (c) members of queue-submit-job-acl for the queue.</li>
 * <li>If the operation is a job operation, then allow only (a) jobOwner,
 * (b) clusterOwner(who started the cluster), (c) cluster administrators,
 * (d) members of queue admins acl for the queue and (e) members of job
 * acl for the jobOperation</li>
 * </ul>
 * 
 * callerUGI is the user who is trying to perform the operation.
 * jobAcl could be job-view-acl or job-modify-acl depending on job operation.
 */
void checkAccess(String jobId, UserGroupInformation callerUGI,
    String queue, Operation operation, String jobOwner,
    AccessControlList jobAcl) throws AccessControlException {
  if (!aclsEnabled) {
    return;
  }

  String user = callerUGI.getShortUserName();
  String targetResource = jobId + " in queue " + queue;

  // Allow mapreduce cluster admins to do any queue operation and
  // any job operation
  if (isMRAdmin(callerUGI)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  if (operation == Operation.SUBMIT_JOB) {
    // This is strictly queue operation(not a job operation)
    if (!queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI)) {
      AuditLogger.logFailure(user, operation.name(),
          queueManager.getQueueACL(queue, operation.qACLNeeded).toString(),
          targetResource, Constants.UNAUTHORIZED_USER);

      throw new AccessControlException("User "
          + callerUGI.getShortUserName() + " cannot perform "
          + "operation " + operation.name() + " on queue " + queue
          + ".\n Please run \"hadoop queue -showacls\" "
          + "command to find the queues you have access to .");
    } else {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  }

  // Check if callerUGI is queueAdmin, jobOwner or part of job-acl.
  // queueManager and queue are null only when called from
  // TaskTracker(i.e. from TaskLogServlet) for the operation VIEW_TASK_LOGS.
  // Caller of this method takes care of checking if callerUGI is a
  // queue administrator for that operation.
  if (operation == Operation.VIEW_TASK_LOGS) {
    if (jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
        jobOwner, jobAcl)) {
      AuditLogger.logSuccess(user, operation.name(), targetResource);
      return;
    }
  } else if (queueManager.hasAccess(queue, operation.qACLNeeded, callerUGI) ||
             jobACLsManager.checkAccess(callerUGI, operation.jobACLNeeded,
             jobOwner, jobAcl)) {
    AuditLogger.logSuccess(user, operation.name(), targetResource);
    return;
  }

  AuditLogger.logFailure(user, operation.name(), jobAcl.toString(),
      targetResource, Constants.UNAUTHORIZED_USER);

  throw new AccessControlException("User "
      + callerUGI.getShortUserName() + " cannot perform operation "
      + operation.name() + " on " + jobId + " that is in the queue "
      + queue);
}