From bbb09e70d91dce4b23f91b2a52f9f0bb7fca6eb4 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Wed, 30 Apr 2025 21:36:19 +0800 Subject: [PATCH 01/14] add dependency jar --- amoro-ams/pom.xml | 5 ++++- pom.xml | 5 +++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/amoro-ams/pom.xml b/amoro-ams/pom.xml index 8a0801406e..f984acfc7c 100644 --- a/amoro-ams/pom.xml +++ b/amoro-ams/pom.xml @@ -436,7 +436,10 @@ 1.19.6 test - + + org.casbin + jcasbin + diff --git a/pom.xml b/pom.xml index 2588ce4099..6ff703d559 100644 --- a/pom.xml +++ b/pom.xml @@ -909,6 +909,11 @@ ${mockito.version} test + + org.casbin + jcasbin + 1.39.0 + From 4624df7deeb214ff23a7eeb191f664d2be87fea5 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Wed, 30 Apr 2025 21:54:27 +0800 Subject: [PATCH 02/14] userinfo manager --- .../amoro/server/AmoroServiceContainer.java | 11 +++-- .../server/dashboard/DashboardServer.java | 38 ++++++++++------ .../dashboard/controller/LoginController.java | 10 +++-- .../server/permission/PermissionManager.java | 17 +++++++ .../server/permission/UserInfoManager.java | 45 +++++++++++++++++++ 5 files changed, 101 insertions(+), 20 deletions(-) create mode 100644 amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java create mode 100644 amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java b/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java index 283d211dd8..b879ba27c5 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java 
@@ -38,6 +38,8 @@ import org.apache.amoro.server.dashboard.utils.CommonUtil; import org.apache.amoro.server.manager.EventsManager; import org.apache.amoro.server.manager.MetricManager; +import org.apache.amoro.server.permission.PermissionManager; +import org.apache.amoro.server.permission.UserInfoManager; import org.apache.amoro.server.persistence.DataSourceFactory; import org.apache.amoro.server.persistence.HttpSessionHandlerFactory; import org.apache.amoro.server.persistence.SqlSessionFactoryProvider; @@ -109,7 +111,8 @@ public class AmoroServiceContainer { private TServer optimizingServiceServer; private Javalin httpServer; private AmsServiceMetrics amsServiceMetrics; - + private UserInfoManager userInfoManager; + private PermissionManager permissionManager; public AmoroServiceContainer() throws Exception { initConfig(); haContainer = new HighAvailabilityContainer(serviceConfig); @@ -163,7 +166,8 @@ public void startService() throws Exception { optimizingService = new DefaultOptimizingService(serviceConfig, catalogManager, optimizerManager, tableService); - + userInfoManager = new UserInfoManager(); + permissionManager = new PermissionManager(); LOG.info("Setting up AMS table executors..."); AsyncTableExecutors.getInstance().setup(tableService, serviceConfig); addHandlerChain(optimizingService.getTableRuntimeHandler()); @@ -262,7 +266,8 @@ private void initHttpService() { tableManager, optimizerManager, optimizingService, - terminalManager); + terminalManager, + userInfoManager, permissionManager); RestCatalogService restCatalogService = new RestCatalogService(catalogManager, tableManager); httpServer = diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java index b5e71bc162..49c5828130 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java 
+++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java @@ -51,6 +51,8 @@ import org.apache.amoro.server.dashboard.controller.VersionController; import org.apache.amoro.server.dashboard.response.ErrorResponse; import org.apache.amoro.server.dashboard.utils.ParamSignatureCalculator; +import org.apache.amoro.server.permission.PermissionManager; +import org.apache.amoro.server.permission.UserInfoManager; import org.apache.amoro.server.resource.OptimizerManager; import org.apache.amoro.server.table.TableManager; import org.apache.amoro.server.terminal.TerminalManager; @@ -93,18 +95,19 @@ public class DashboardServer { private final String authType; private final String basicAuthUser; private final String basicAuthPassword; - + private final UserInfoManager userInfoManager; + private final PermissionManager permissionManager; public DashboardServer( - Configurations serviceConfig, - CatalogManager catalogManager, - TableManager tableManager, - OptimizerManager optimizerManager, - DefaultOptimizingService optimizingService, - TerminalManager terminalManager) { + Configurations serviceConfig, + CatalogManager catalogManager, + TableManager tableManager, + OptimizerManager optimizerManager, + DefaultOptimizingService optimizingService, + TerminalManager terminalManager, UserInfoManager userInfoManager, PermissionManager permissionManager) { PlatformFileManager platformFileManager = new PlatformFileManager(); this.catalogController = new CatalogController(catalogManager, platformFileManager); this.healthCheckController = new HealthCheckController(); - this.loginController = new LoginController(serviceConfig); + this.loginController = new LoginController(serviceConfig,userInfoManager); // TODO: remove table service from OptimizerGroupController this.optimizerGroupController = new OptimizerGroupController(tableManager, optimizingService, optimizerManager); 
@@ -124,6 +127,8 @@ public DashboardServer( this.authType = serviceConfig.get(AmoroManagementConf.HTTP_SERVER_REST_AUTH_TYPE); this.basicAuthUser = serviceConfig.get(AmoroManagementConf.ADMIN_USERNAME); this.basicAuthPassword = serviceConfig.get(AmoroManagementConf.ADMIN_PASSWORD); + this.userInfoManager = userInfoManager; + this.permissionManager = permissionManager; } private volatile String indexHtml = null; @@ -387,15 +392,22 @@ public void preHandleRequest(Context ctx) { if (null == ctx.sessionAttribute("user")) { throw new ForbiddenException("User session attribute is missed for url: " + uriPath); } + //TODO : check permission + return; } if (AUTH_TYPE_BASIC.equalsIgnoreCase(authType)) { BasicAuthCredentials cred = ctx.basicAuthCredentials(); - if (!(basicAuthUser.equals(cred.component1()) - && basicAuthPassword.equals(cred.component2()))) { - throw new SignatureCheckException( - "Failed to authenticate via basic authentication for url:" + uriPath); - } + //TODO :check user info + if (!userInfoManager.isValidate(cred.component1(), cred.component2())) { + throw new SignatureCheckException( + "Failed to authenticate via basic authentication for url:" + uriPath); + } +// if (!(basicAuthUser.equals(cred.component1()) +// && basicAuthPassword.equals(cred.component2()))) { +// throw new SignatureCheckException( +// "Failed to authenticate via basic authentication for url:" + uriPath); +// } } else { checkApiToken( ctx.url(), ctx.queryParam("apiKey"), ctx.queryParam("signature"), ctx.queryParamMap()); diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java index c9b61fee7c..a374c1136c 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java 
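Review bot: In the basic-auth branch of preHandleRequest the configured admin account is no longer consulted. `basicAuthUser` and `basicAuthPassword` are still read from `ADMIN_USERNAME`/`ADMIN_PASSWORD` in the constructor, but the only check left is `userInfoManager.isValidate(...)`, so a deployment that set its own admin password in the service config would presumably be authenticated against users.csv after upgrading. Either keep the configured account as an accepted credential, or remove the two fields and document the migration. The old comparison is kept as a commented-out block and should be deleted, and the `//TODO :check user info` comment sits directly above the code that already does it. preHandleRequest starts and ends outside the hunk.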
@@ -22,6 +22,7 @@ import org.apache.amoro.config.Configurations; import org.apache.amoro.server.AmoroManagementConf; import org.apache.amoro.server.dashboard.response.OkResponse; +import org.apache.amoro.server.permission.UserInfoManager; import java.io.Serializable; import java.util.Map; @@ -31,10 +32,11 @@ public class LoginController { private final String adminUser; private final String adminPassword; - - public LoginController(Configurations serviceConfig) { + private final UserInfoManager userInfoManager; + public LoginController(Configurations serviceConfig,UserInfoManager userInfoManager) { adminUser = serviceConfig.get(AmoroManagementConf.ADMIN_USERNAME); adminPassword = serviceConfig.get(AmoroManagementConf.ADMIN_PASSWORD); + this.userInfoManager = userInfoManager; } /** Get current user. */ @@ -49,8 +51,8 @@ public void login(Context ctx) { Map bodyParams = ctx.bodyAsClass(Map.class); String user = bodyParams.get("user"); String pwd = bodyParams.get("password"); - if (adminUser.equals(user) && (adminPassword.equals(pwd))) { - ctx.sessionAttribute("user", new SessionInfo(adminUser, System.currentTimeMillis() + "")); + if (userInfoManager.isValidate(user, pwd)) { + ctx.sessionAttribute("user", new SessionInfo(user, System.currentTimeMillis() + "")); ctx.json(OkResponse.of("success")); } else { throw new RuntimeException("bad user " + user + " or password!"); diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java new file mode 100644 index 0000000000..f9bf1f5d6c --- /dev/null +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java 
@@ -0,0 +1,17 @@
+package org.apache.amoro.server.permission;
+
+import org.apache.amoro.config.Configurations;
+import org.casbin.jcasbin.main.Enforcer;
+
+public class PermissionManager {
+ Enforcer enforcer;
+
+ public PermissionManager() {
+ //enforcer = new Enforcer(modelPath, policyFile);
+ }
+
+ public boolean accessible(String userName,String url,String method) {
+
+ return false;
+ }
+}
diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java
new file mode 100644
index 0000000000..f0e5c96f6e
--- /dev/null
+++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java
@@ -0,0 +1,45 @@
+package org.apache.amoro.server.permission;
+
+import com.google.common.collect.Maps;
+import org.apache.amoro.server.Environments;
+import org.apache.commons.io.FileUtils;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+public class UserInfoManager {
+
+ private final Map users = Maps.newHashMap();
+
+
+ public UserInfoManager() {
+ String configPath = Environments.getConfigPath() + "/users.csv" ;
+ this.loadUserInfoFileToMap(configPath);
+ }
+ public boolean isValidate(String username, String password) {
+ if (users.containsKey(username)) {
+ return users.get(username).equals(password);
+ }
+ return false;
+ }
+ private void loadUserInfoFileToMap(String filePath) {
+ try {
+ FileUtils.readLines(new File(filePath), "UTF-8").forEach(line -> {
+ String[] parts = line.split(",");
+ if (parts.length == 2) {
+ String username = parts[0].trim();
+ String password = parts[1].trim();
+ users.put(username, password);
+ }
+ });
+ } catch (Exception e) {
+ throw new RuntimeException("load userInfo file error",e);
+ }
+
+ }
+
+}
From 846aff5366697fc90a890a6fc5aa4c88c0026927 Mon Sep 17 00:00:00 2001
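Review bot: `isValidate` in the new UserInfoManager compares the submitted password with a plaintext value loaded from users.csv using `String.equals`, so the credential file holds recoverable passwords and the comparison is not constant-time. Storing a salted, slow password hash per user and comparing the derived bytes with `MessageDigest.isEqual(expected, actual)` would address both; at minimum the expected file permissions should be documented. `loadUserInfoFileToMap` silently skips any line that does not split into exactly two fields, so a password containing a comma drops the account without a log line, and the constructor throws when the file is absent, which would stop startup for an installation that has no users.csv yet. A class-level Javadoc stating the file format and that the file is read once at construction would help, and the imports `BufferedReader`, `FileReader`, `IOException` and `HashMap` are unused.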
From: "13574798@qq.com" <13574798@qq.com> Date: Wed, 30 Apr 2025 22:35:39 +0800 Subject: [PATCH 03/14] add Permission checking --- amoro-ams/pom.xml | 1 - .../server/dashboard/DashboardServer.java | 7 +++-- .../dashboard/controller/LoginController.java | 26 +------------------ .../server/dashboard/model/SessionInfo.java | 24 +++++++++++++++++ .../server/permission/PermissionManager.java | 15 +++++++---- dist/src/main/amoro-bin/conf/policy.csv | 4 +++ dist/src/main/amoro-bin/conf/rbac_model.conf | 14 ++++++++++ dist/src/main/amoro-bin/conf/users.csv | 2 ++ 8 files changed, 60 insertions(+), 33 deletions(-) create mode 100644 dist/src/main/amoro-bin/conf/policy.csv create mode 100644 dist/src/main/amoro-bin/conf/rbac_model.conf create mode 100644 dist/src/main/amoro-bin/conf/users.csv diff --git a/amoro-ams/pom.xml b/amoro-ams/pom.xml index f984acfc7c..75e51e5cc8 100644 --- a/amoro-ams/pom.xml +++ b/amoro-ams/pom.xml @@ -203,7 +203,6 @@ mysql mysql-connector-java - provided diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java index 49c5828130..c15ffa330e 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java @@ -49,6 +49,7 @@ import org.apache.amoro.server.dashboard.controller.TableController; import org.apache.amoro.server.dashboard.controller.TerminalController; import org.apache.amoro.server.dashboard.controller.VersionController; +import org.apache.amoro.server.dashboard.model.SessionInfo; import org.apache.amoro.server.dashboard.response.ErrorResponse; import org.apache.amoro.server.dashboard.utils.ParamSignatureCalculator; import org.apache.amoro.server.permission.PermissionManager; 
@@ -393,12 +394,14 @@ public void preHandleRequest(Context ctx) { throw new ForbiddenException("User session attribute is missed for url: " + uriPath); } //TODO : check permission - + SessionInfo user = ctx.sessionAttribute("user"); + String method = ctx.method(); + String path = ctx.path(); + permissionManager.accessible(user.getUserName(),path,method); return; } if (AUTH_TYPE_BASIC.equalsIgnoreCase(authType)) { BasicAuthCredentials cred = ctx.basicAuthCredentials(); - //TODO :check user info if (!userInfoManager.isValidate(cred.component1(), cred.component2())) { throw new SignatureCheckException( "Failed to authenticate via basic authentication for url:" + uriPath); diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java index a374c1136c..c148c41e9f 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java @@ -21,6 +21,7 @@ import io.javalin.http.Context; import org.apache.amoro.config.Configurations; import org.apache.amoro.server.AmoroManagementConf; +import org.apache.amoro.server.dashboard.model.SessionInfo; import org.apache.amoro.server.dashboard.response.OkResponse; import org.apache.amoro.server.permission.UserInfoManager; 
@@ -65,29 +66,4 @@ public void logout(Context ctx) { ctx.json(OkResponse.ok()); } - static class SessionInfo implements Serializable { - String userName; - String loginTime; - - public SessionInfo(String username, String loginTime) { - this.userName = username; - this.loginTime = loginTime; - } - - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - public String getLoginTime() { - return loginTime; - } - - public void setLoginTime(String loginTime) { - this.loginTime = loginTime; - } - } } diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java index 9d0abb3be1..71d31857d1 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java @@ -20,11 +20,35 @@ public class SessionInfo { private String sessionId; + String userName; + + public String getLoginTime() { + return loginTime; + } + + public void setLoginTime(String loginTime) { + this.loginTime = loginTime; + } + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + String loginTime; public SessionInfo(String sessionId) { this.sessionId = sessionId; } + public SessionInfo(String userName,String loginTime) { + this.userName = userName; + this.loginTime = loginTime; + } + public SessionInfo() {} public String getSessionId() { diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java index f9bf1f5d6c..6e0bbec28d 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java 
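Review bot: The `SessionInfo` that is now stored in the `user` session attribute does not implement `Serializable`, whereas the nested `LoginController.SessionInfo` removed in this commit did. If the session handler persists or replicates sessions (the `HttpSessionHandlerFactory` import in AmoroServiceContainer suggests it may), the attribute could fail to store, and sessions written with the old class would no longer cast in preHandleRequest; this needs confirming against the session store. The class also now mixes two unrelated shapes (`sessionId` versus `userName`/`loginTime`) with package-private fields; declaring the new fields `private` and adding a Javadoc line per constructor saying which use it serves would make it clear when `getUserName()` can be null. The class body continues outside the hunk.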
@@ -1,17 +1,22 @@ package org.apache.amoro.server.permission; import org.apache.amoro.config.Configurations; +import org.apache.amoro.server.Environments; import org.casbin.jcasbin.main.Enforcer; public class PermissionManager { - Enforcer enforcer; + private final Enforcer enforcer; public PermissionManager() { - //enforcer = new Enforcer(modelPath, policyFile); + String modelPath = Environments.getConfigPath() + "/rbac_model.conf" ; + String policyFile = Environments.getConfigPath() + "/policy.csv" ; + enforcer = new Enforcer(modelPath, policyFile); } - public boolean accessible(String userName,String url,String method) { - - return false; + public boolean accessible(String user,String url,String method) { + if (!enforcer.enforce(user, url, method)) { + return false; + } + return true; } } diff --git a/dist/src/main/amoro-bin/conf/policy.csv b/dist/src/main/amoro-bin/conf/policy.csv new file mode 100644 index 0000000000..17ccdd240c --- /dev/null +++ b/dist/src/main/amoro-bin/conf/policy.csv @@ -0,0 +1,4 @@ +p, admin, /*, GET|POST|DELETE|PUT +p, read_only, /*, GET +g, admin, admin +g, user, read_only \ No newline at end of file diff --git a/dist/src/main/amoro-bin/conf/rbac_model.conf b/dist/src/main/amoro-bin/conf/rbac_model.conf new file mode 100644 index 0000000000..e9aa027118 --- /dev/null +++ b/dist/src/main/amoro-bin/conf/rbac_model.conf @@ -0,0 +1,14 @@ +[request_definition] +r = sub, obj, act + +[policy_definition] +p = sub, obj, act + +[role_definition] +g = _, _ + +[policy_effect] +e = some(where (p.eft == allow)) + +[matchers] +m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) diff --git a/dist/src/main/amoro-bin/conf/users.csv b/dist/src/main/amoro-bin/conf/users.csv new file mode 100644 index 0000000000..0ca163dda1 --- /dev/null +++ b/dist/src/main/amoro-bin/conf/users.csv @@ -0,0 +1,2 @@ +admin,admin +user,user \ No newline at end of file From 9447154a24ff8da2a5521e980ef3146d2b8aa83e Mon Sep 17 00:00:00 2001 
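Review bot: The rule `p, read_only, /*, GET` in policy.csv grants every GET route to the read-only role, and the admin rule lists only `GET|POST|DELETE|PUT`, so the shipped policy is coarser than it looks in both directions. Any GET endpoint that returns sensitive data or has side effects would be open to `read_only` (which routes those are is not visible here), while other methods such as PATCH would be denied even for admin. Role names and user names also share one namespace (`g, admin, admin`), so an account literally named `read_only` in users.csv would presumably match the role's policy line directly; a role prefix such as `role_admin` / `role_read_only` keeps the two apart. Listing the sensitive path prefixes explicitly for each role, rather than `/*`, would make the default safer.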
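Review bot: users.csv is added to the distribution's conf directory with the accounts `admin,admin` and `user,user`, so every fresh install starts with known credentials for both roles, including the one that policy.csv gives full access. Shipping the file without usable passwords, or generating one on first start and requiring a change, would avoid that. If defaults must stay, a startup warning while they are unchanged gives operators something to detect and act on. The expected format (no header, `username,password` per line) should be stated in the deployment docs since the file itself cannot carry a comment with the current parser.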
From: "13574798@qq.com" <13574798@qq.com> Date: Wed, 30 Apr 2025 22:48:53 +0800 Subject: [PATCH 04/14] add Permission checking --- .../amoro/server/dashboard/DashboardServer.java | 15 +++++++++++++-- .../amoro/exception/AccessDeniedException.java | 9 +++++++++ 2 files changed, 22 insertions(+), 2 deletions(-) create mode 100644 amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java index c15ffa330e..e8ff55bf24 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java @@ -32,6 +32,7 @@ import io.javalin.http.staticfiles.Location; import io.javalin.http.staticfiles.StaticFileConfig; import org.apache.amoro.config.Configurations; +import org.apache.amoro.exception.AccessDeniedException; import org.apache.amoro.exception.ForbiddenException; import org.apache.amoro.exception.SignatureCheckException; import org.apache.amoro.server.AmoroManagementConf; @@ -397,7 +398,9 @@ public void preHandleRequest(Context ctx) { SessionInfo user = ctx.sessionAttribute("user"); String method = ctx.method(); String path = ctx.path(); - permissionManager.accessible(user.getUserName(),path,method); + if (!permissionManager.accessible(user.getUserName(),path,method)){ + throw new AccessDeniedException("unable to access url: " + uriPath); + } return; } if (AUTH_TYPE_BASIC.equalsIgnoreCase(authType)) { 
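Review bot: The permission check added here covers only the session branch of preHandleRequest; the branch that follows (`AUTH_TYPE_BASIC` / `checkApiToken`) still completes after authentication without calling `permissionManager.accessible`, as far as this hunk and the later patches in the series show. A request authenticated as the `user` account over basic auth would therefore not be limited by the `read_only` policy. After the `isValidate` check the same test should run with the authenticated name, e.g. `if (!permissionManager.accessible(cred.component1(), ctx.path(), ctx.method())) { throw new AccessDeniedException("unable to access url: " + uriPath); }`. `user.getUserName()` can also be null when the attribute was built with the `SessionInfo(String sessionId)` constructor, so a null name should be treated as a denial before it reaches the enforcer. preHandleRequest starts and ends outside the hunk.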
@@ -427,7 +430,15 @@ public void handleException(Exception e, Context ctx) { } } else if (e instanceof SignatureCheckException) { ctx.json(new ErrorResponse(HttpCode.FORBIDDEN, "Signature check failed", "")); - } else { + } else if (e instanceof AccessDeniedException) { + if (!ctx.req.getRequestURI().startsWith("/api/ams")) { + ctx.html(getIndexFileContent()); + } else { + ctx.status(HttpCode.FORBIDDEN); + ctx.json(new ErrorResponse(HttpCode.FORBIDDEN, "Access Denied", "")); + return; + } + }else { ctx.json(new ErrorResponse(HttpCode.INTERNAL_SERVER_ERROR, e.getMessage(), "")); } LOG.error("An error occurred while processing the url:{}", ctx.url(), e); diff --git a/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java b/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java new file mode 100644 index 0000000000..0cc7f0bb88 --- /dev/null +++ b/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java @@ -0,0 +1,9 @@ +package org.apache.amoro.exception; + +public class AccessDeniedException extends AmoroRuntimeException { + public AccessDeniedException() {} + + public AccessDeniedException(String message) { + super(message); + } +} From f9523abf00dc7d92bd2a499f696fa324c784af04 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Wed, 30 Apr 2025 22:50:45 +0800 Subject: [PATCH 05/14] add Permission checking --- amoro-ams/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/amoro-ams/pom.xml b/amoro-ams/pom.xml index 75e51e5cc8..f984acfc7c 100644 --- a/amoro-ams/pom.xml +++ b/amoro-ams/pom.xml @@ -203,6 +203,7 @@ mysql mysql-connector-java + provided From c341f69d6816a41abf75b2c76638cd933f7d091d Mon Sep 17 00:00:00 2001 
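Review bot: In the new `AccessDeniedException` branch of handleException the API arm returns before the `LOG.error` line, so a denied request leaves no log entry, and the non-API arm serves the index page without setting a status. Denials are worth recording for audit and detection: log them at warn level before returning, e.g. `LOG.warn("Access denied for url:{}", ctx.url());`, and call `ctx.status(HttpCode.FORBIDDEN)` in both arms if a 403 is intended for page requests as well. The new `AccessDeniedException` class in the same commit would also benefit from a one-line Javadoc saying it signals a failed authorization (as opposed to `ForbiddenException` for a missing session). handleException starts outside the hunk.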
From: "13574798@qq.com" <13574798@qq.com> Date: Wed, 30 Apr 2025 22:53:10 +0800 Subject: [PATCH 06/14] add Permission checking --- .../amoro/server/AmoroServiceContainer.java | 4 +- .../server/dashboard/DashboardServer.java | 59 ++++++++-------- .../dashboard/controller/LoginController.java | 5 +- .../server/dashboard/model/SessionInfo.java | 2 +- .../server/permission/PermissionManager.java | 41 ++++++++---- .../server/permission/UserInfoManager.java | 67 ++++++++++++------- .../exception/AccessDeniedException.java | 26 +++++-- 7 files changed, 129 insertions(+), 75 deletions(-) diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java b/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java index b879ba27c5..d6fb8a0202 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/AmoroServiceContainer.java @@ -113,6 +113,7 @@ public class AmoroServiceContainer { private AmsServiceMetrics amsServiceMetrics; private UserInfoManager userInfoManager; private PermissionManager permissionManager; + public AmoroServiceContainer() throws Exception { initConfig(); haContainer = new HighAvailabilityContainer(serviceConfig); @@ -267,7 +268,8 @@ private void initHttpService() { optimizerManager, optimizingService, terminalManager, - userInfoManager, permissionManager); + userInfoManager, + permissionManager); RestCatalogService restCatalogService = new RestCatalogService(catalogManager, tableManager); httpServer = diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java index e8ff55bf24..d3d972d5ac 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/DashboardServer.java 
@@ -99,17 +99,20 @@ public class DashboardServer { private final String basicAuthPassword; private final UserInfoManager userInfoManager; private final PermissionManager permissionManager; + public DashboardServer( - Configurations serviceConfig, - CatalogManager catalogManager, - TableManager tableManager, - OptimizerManager optimizerManager, - DefaultOptimizingService optimizingService, - TerminalManager terminalManager, UserInfoManager userInfoManager, PermissionManager permissionManager) { + Configurations serviceConfig, + CatalogManager catalogManager, + TableManager tableManager, + OptimizerManager optimizerManager, + DefaultOptimizingService optimizingService, + TerminalManager terminalManager, + UserInfoManager userInfoManager, + PermissionManager permissionManager) { PlatformFileManager platformFileManager = new PlatformFileManager(); this.catalogController = new CatalogController(catalogManager, platformFileManager); this.healthCheckController = new HealthCheckController(); - this.loginController = new LoginController(serviceConfig,userInfoManager); + this.loginController = new LoginController(serviceConfig, userInfoManager); // TODO: remove table service from OptimizerGroupController this.optimizerGroupController = new OptimizerGroupController(tableManager, optimizingService, optimizerManager); 
@@ -394,26 +397,26 @@ public void preHandleRequest(Context ctx) { if (null == ctx.sessionAttribute("user")) { throw new ForbiddenException("User session attribute is missed for url: " + uriPath); } - //TODO : check permission - SessionInfo user = ctx.sessionAttribute("user"); + // TODO : check permission + SessionInfo user = ctx.sessionAttribute("user"); String method = ctx.method(); String path = ctx.path(); - if (!permissionManager.accessible(user.getUserName(),path,method)){ - throw new AccessDeniedException("unable to access url: " + uriPath); + if (!permissionManager.accessible(user.getUserName(), path, method)) { + throw new AccessDeniedException("unable to access url: " + uriPath); } return; } if (AUTH_TYPE_BASIC.equalsIgnoreCase(authType)) { BasicAuthCredentials cred = ctx.basicAuthCredentials(); - if (!userInfoManager.isValidate(cred.component1(), cred.component2())) { - throw new SignatureCheckException( - "Failed to authenticate via basic authentication for url:" + uriPath); - } -// if (!(basicAuthUser.equals(cred.component1()) -// && basicAuthPassword.equals(cred.component2()))) { -// throw new SignatureCheckException( -// "Failed to authenticate via basic authentication for url:" + uriPath); -// } + if (!userInfoManager.isValidate(cred.component1(), cred.component2())) { + throw new SignatureCheckException( + "Failed to authenticate via basic authentication for url:" + uriPath); + } + // if (!(basicAuthUser.equals(cred.component1()) + // && basicAuthPassword.equals(cred.component2()))) { + // throw new SignatureCheckException( + // "Failed to authenticate via basic authentication for url:" + uriPath); + // } } else { checkApiToken( ctx.url(), ctx.queryParam("apiKey"), ctx.queryParam("signature"), ctx.queryParamMap()); 
@@ -431,14 +434,14 @@ public void handleException(Exception e, Context ctx) { } else if (e instanceof SignatureCheckException) { ctx.json(new ErrorResponse(HttpCode.FORBIDDEN, "Signature check failed", "")); } else if (e instanceof AccessDeniedException) { - if (!ctx.req.getRequestURI().startsWith("/api/ams")) { - ctx.html(getIndexFileContent()); - } else { - ctx.status(HttpCode.FORBIDDEN); - ctx.json(new ErrorResponse(HttpCode.FORBIDDEN, "Access Denied", "")); - return; - } - }else { + if (!ctx.req.getRequestURI().startsWith("/api/ams")) { + ctx.html(getIndexFileContent()); + } else { + ctx.status(HttpCode.FORBIDDEN); + ctx.json(new ErrorResponse(HttpCode.FORBIDDEN, "Access Denied", "")); + return; + } + } else { ctx.json(new ErrorResponse(HttpCode.INTERNAL_SERVER_ERROR, e.getMessage(), "")); } LOG.error("An error occurred while processing the url:{}", ctx.url(), e); diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java index c148c41e9f..cd5a26c1d8 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/controller/LoginController.java @@ -25,7 +25,6 @@ import org.apache.amoro.server.dashboard.response.OkResponse; import org.apache.amoro.server.permission.UserInfoManager; -import java.io.Serializable; import java.util.Map; /** The controller that handles login requests. */ 
@@ -34,7 +33,8 @@ public class LoginController { private final String adminUser; private final String adminPassword; private final UserInfoManager userInfoManager; - public LoginController(Configurations serviceConfig,UserInfoManager userInfoManager) { + + public LoginController(Configurations serviceConfig, UserInfoManager userInfoManager) { adminUser = serviceConfig.get(AmoroManagementConf.ADMIN_USERNAME); adminPassword = serviceConfig.get(AmoroManagementConf.ADMIN_PASSWORD); this.userInfoManager = userInfoManager; @@ -65,5 +65,4 @@ public void logout(Context ctx) { ctx.removeCookie("JSESSIONID"); ctx.json(OkResponse.ok()); } - } diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java index 71d31857d1..1b5efdfb74 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/dashboard/model/SessionInfo.java @@ -44,7 +44,7 @@ public SessionInfo(String sessionId) { this.sessionId = sessionId; } - public SessionInfo(String userName,String loginTime) { + public SessionInfo(String userName, String loginTime) { this.userName = userName; this.loginTime = loginTime; } diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java index 6e0bbec28d..f90f4e2efe 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java 
@@ -1,22 +1,39 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.amoro.server.permission; -import org.apache.amoro.config.Configurations; import org.apache.amoro.server.Environments; import org.casbin.jcasbin.main.Enforcer; public class PermissionManager { - private final Enforcer enforcer; + private final Enforcer enforcer; - public PermissionManager() { - String modelPath = Environments.getConfigPath() + "/rbac_model.conf" ; - String policyFile = Environments.getConfigPath() + "/policy.csv" ; - enforcer = new Enforcer(modelPath, policyFile); - } + public PermissionManager() { + String modelPath = Environments.getConfigPath() + "/rbac_model.conf"; + String policyFile = Environments.getConfigPath() + "/policy.csv"; + enforcer = new Enforcer(modelPath, policyFile); + } - public boolean accessible(String user,String url,String method) { - if (!enforcer.enforce(user, url, method)) { - return false; - } - return true; + public boolean accessible(String user, String url, String method) { + if (!enforcer.enforce(user, url, method)) { + return false; } + return true; + } } 
diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java index f0e5c96f6e..42bcdde958 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java 
@@ -1,45 +1,60 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.amoro.server.permission; import com.google.common.collect.Maps; import org.apache.amoro.server.Environments; import org.apache.commons.io.FileUtils; -import java.io.BufferedReader; import java.io.File; -import java.io.FileReader; -import java.io.IOException; -import java.util.HashMap; import java.util.Map; public class UserInfoManager { - private final Map users = Maps.newHashMap(); + private final Map users = Maps.newHashMap(); + public UserInfoManager() { + String configPath = Environments.getConfigPath() + "/users.csv"; + this.loadUserInfoFileToMap(configPath); + } - public UserInfoManager() { - String configPath = Environments.getConfigPath() + "/users.csv" ; - this.loadUserInfoFileToMap(configPath); - } - public boolean isValidate(String username, String password) { - if (users.containsKey(username)) { - return users.get(username).equals(password); - } - return false; + public boolean isValidate(String username, String password) { + if (users.containsKey(username)) { + return users.get(username).equals(password); } - private void loadUserInfoFileToMap(String filePath) { - try { - FileUtils.readLines(new File(filePath), 
"UTF-8").forEach(line -> { + return false; + } + + private void loadUserInfoFileToMap(String filePath) { + try { + FileUtils.readLines(new File(filePath), "UTF-8") + .forEach( + line -> { String[] parts = line.split(","); if (parts.length == 2) { - String username = parts[0].trim(); - String password = parts[1].trim(); - users.put(username, password); + String username = parts[0].trim(); + String password = parts[1].trim(); + users.put(username, password); } - }); - } catch (Exception e) { - throw new RuntimeException("load userInfo file error",e); - } - + }); + } catch (Exception e) { + throw new RuntimeException("load userInfo file error", e); } - + } } diff --git a/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java b/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java index 0cc7f0bb88..0c96288625 100644 --- a/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java +++ b/amoro-common/src/main/java/org/apache/amoro/exception/AccessDeniedException.java 
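Review bot: `isValidate` checks the submitted password with `users.get(username).equals(password)` against the value loaded from `users.csv`, so that file holds the credentials in clear text and the comparison is not constant-time. The file should store a salted password hash that `isValidate` verifies against. If the plain value has to stay for now, compare with `MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))`. In `loadUserInfoFileToMap`, a line that does not split into exactly two fields is dropped silently, so an entry whose password contains a comma never loads and nothing is reported. Reporting the line number, but not its content, would make that visible.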
@@ -1,9 +1,27 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.apache.amoro.exception; public class AccessDeniedException extends AmoroRuntimeException { - public AccessDeniedException() {} + public AccessDeniedException() {} - public AccessDeniedException(String message) { - super(message); - } + public AccessDeniedException(String message) { + super(message); + } } From 36d112cca7d00d58b1e6233e934ec4d27e42d7dd Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Thu, 1 May 2025 15:28:13 +0800 Subject: [PATCH 07/14] add Permission checking --- .../org/apache/amoro/server/permission/UserInfoManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java index 42bcdde958..697a667dc3 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java 
@@ -18,8 +18,8 @@ package org.apache.amoro.server.permission; -import com.google.common.collect.Maps; import org.apache.amoro.server.Environments; +import org.apache.amoro.shade.guava32.com.google.common.collect.Maps; import org.apache.commons.io.FileUtils; import java.io.File; From 0c29b015e4c3ea06be7702d5c48e1eb79de94acf Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Thu, 1 May 2025 15:37:05 +0800 Subject: [PATCH 08/14] add Permission checking --- pom.xml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pom.xml b/pom.xml index 6ff703d559..284e8ce673 100644 --- a/pom.xml +++ b/pom.xml @@ -1166,6 +1166,8 @@ **/Chart.lock release/** + **/*.conf + **/*.csv From de210c9caf82897e4188d78bed8da72e7deb4f04 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Sat, 3 May 2025 09:01:07 +0800 Subject: [PATCH 09/14] add test file --- amoro-ams/src/test/resources/policy.csv | 4 ++++ amoro-ams/src/test/resources/rbac_model.conf | 14 ++++++++++++++ amoro-ams/src/test/resources/users.csv | 2 ++ 3 files changed, 20 insertions(+) create mode 100644 amoro-ams/src/test/resources/policy.csv create mode 100644 amoro-ams/src/test/resources/rbac_model.conf create mode 100644 amoro-ams/src/test/resources/users.csv diff --git a/amoro-ams/src/test/resources/policy.csv b/amoro-ams/src/test/resources/policy.csv new file mode 100644 index 0000000000..17ccdd240c --- /dev/null +++ b/amoro-ams/src/test/resources/policy.csv @@ -0,0 +1,4 @@ +p, admin, /*, GET|POST|DELETE|PUT +p, read_only, /*, GET +g, admin, admin +g, user, read_only \ No newline at end of file diff --git a/amoro-ams/src/test/resources/rbac_model.conf b/amoro-ams/src/test/resources/rbac_model.conf new file mode 100644 index 0000000000..e9aa027118 --- /dev/null +++ b/amoro-ams/src/test/resources/rbac_model.conf 
@@ -0,0 +1,14 @@ +[request_definition] +r = sub, obj, act + +[policy_definition] +p = sub, obj, act + +[role_definition] +g = _, _ + +[policy_effect] +e = some(where (p.eft == allow)) + +[matchers] +m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) diff --git a/amoro-ams/src/test/resources/users.csv b/amoro-ams/src/test/resources/users.csv new file mode 100644 index 0000000000..0ca163dda1 --- /dev/null +++ b/amoro-ams/src/test/resources/users.csv @@ -0,0 +1,2 @@ +admin,admin +user,user \ No newline at end of file From 9add05ca29b4cc2653142e6dcf114d553cd3dabd Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Sat, 3 May 2025 17:49:51 +0800 Subject: [PATCH 10/14] add test file --- .../org/apache/amoro/server/permission/UserInfoManager.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java index 697a667dc3..74ffd529a0 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java @@ -19,14 +19,19 @@ package org.apache.amoro.server.permission; import org.apache.amoro.server.Environments; +import org.apache.amoro.server.dashboard.DashboardServer; import org.apache.amoro.shade.guava32.com.google.common.collect.Maps; import org.apache.commons.io.FileUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.io.File; import java.util.Map; public class UserInfoManager { + public static final Logger LOG = LoggerFactory.getLogger(UserInfoManager.class); + private final Map users = Maps.newHashMap(); public UserInfoManager() { @@ -54,6 +59,7 @@ private void loadUserInfoFileToMap(String filePath) { } }); } catch (Exception e) { + LOG.error("load userInfo file error", e); throw new RuntimeException("load userInfo file error", e); } } 
From 700c5818d1f57092d79f0b4aaec92cb2723907ab Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Sat, 3 May 2025 18:13:17 +0800 Subject: [PATCH 11/14] add test file --- .../java/org/apache/amoro/server/permission/UserInfoManager.java | 1 - 1 file changed, 1 deletion(-) diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java index 74ffd529a0..25e3908a53 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java @@ -19,7 +19,6 @@ package org.apache.amoro.server.permission; import org.apache.amoro.server.Environments; -import org.apache.amoro.server.dashboard.DashboardServer; import org.apache.amoro.shade.guava32.com.google.common.collect.Maps; import org.apache.commons.io.FileUtils; import org.slf4j.Logger; From c71e4b69a256c9c123ee73a016f000a64284e162 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Sun, 4 May 2025 08:03:38 +0800 Subject: [PATCH 12/14] add test file --- .../apache/amoro/server/permission/UserInfoManager.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java index 25e3908a53..3b14ea285c 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/UserInfoManager.java 
@@ -47,7 +47,12 @@ public boolean isValidate(String username, String password) { private void loadUserInfoFileToMap(String filePath) { try { - FileUtils.readLines(new File(filePath), "UTF-8") + File file = new File(filePath); + if (!file.exists()) { + LOG.warn("userInfo file not exist, please check your config"); + return; + } + FileUtils.readLines(file, "UTF-8") .forEach( line -> { String[] parts = line.split(","); From 27ba771973df960517c1e3a1571d05e0ee8c0aa4 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Sun, 4 May 2025 08:04:23 +0800 Subject: [PATCH 13/14] add test file --- amoro-ams/src/test/resources/policy.csv | 4 ---- amoro-ams/src/test/resources/rbac_model.conf | 14 -------------- amoro-ams/src/test/resources/users.csv | 2 -- 3 files changed, 20 deletions(-) delete mode 100644 amoro-ams/src/test/resources/policy.csv delete mode 100644 amoro-ams/src/test/resources/rbac_model.conf delete mode 100644 amoro-ams/src/test/resources/users.csv diff --git a/amoro-ams/src/test/resources/policy.csv b/amoro-ams/src/test/resources/policy.csv deleted file mode 100644 index 17ccdd240c..0000000000 --- a/amoro-ams/src/test/resources/policy.csv +++ /dev/null @@ -1,4 +0,0 @@ -p, admin, /*, GET|POST|DELETE|PUT -p, read_only, /*, GET -g, admin, admin -g, user, read_only \ No newline at end of file diff --git a/amoro-ams/src/test/resources/rbac_model.conf b/amoro-ams/src/test/resources/rbac_model.conf deleted file mode 100644 index e9aa027118..0000000000 --- a/amoro-ams/src/test/resources/rbac_model.conf +++ /dev/null @@ -1,14 +0,0 @@ -[request_definition] -r = sub, obj, act - -[policy_definition] -p = sub, obj, act - -[role_definition] -g = _, _ - -[policy_effect] -e = some(where (p.eft == allow)) - -[matchers] -m = g(r.sub, p.sub) && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act) diff --git a/amoro-ams/src/test/resources/users.csv b/amoro-ams/src/test/resources/users.csv deleted file mode 100644 index 0ca163dda1..0000000000 
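Review bot: The added warning does not name the file that was looked for, so an operator cannot tell which path to fix. `file.exists()` is also true for a directory, which would presumably fail in `readLines` and reach the `RuntimeException` path instead of this branch. I would use `if (!file.isFile()) {` and `LOG.warn("userInfo file {} not found, no file-based users loaded", filePath);`. The rest of `loadUserInfoFileToMap` lies outside this hunk.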
--- a/amoro-ams/src/test/resources/users.csv +++ /dev/null @@ -1,2 +0,0 @@ -admin,admin -user,user \ No newline at end of file From dabfdcd86638cb68e61d9bddac2f456e321e0500 Mon Sep 17 00:00:00 2001 From: "13574798@qq.com" <13574798@qq.com> Date: Sun, 4 May 2025 17:51:53 +0800 Subject: [PATCH 14/14] add test file --- .../server/permission/PermissionManager.java | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java index f90f4e2efe..d1a000bac8 100644 --- a/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java +++ b/amoro-ams/src/main/java/org/apache/amoro/server/permission/PermissionManager.java @@ -20,14 +20,28 @@ import org.apache.amoro.server.Environments; import org.casbin.jcasbin.main.Enforcer; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import java.io.File; public class PermissionManager { + + public static final Logger LOG = LoggerFactory.getLogger(UserInfoManager.class); + private final Enforcer enforcer; public PermissionManager() { String modelPath = Environments.getConfigPath() + "/rbac_model.conf"; - String policyFile = Environments.getConfigPath() + "/policy.csv"; - enforcer = new Enforcer(modelPath, policyFile); + String policyPath = Environments.getConfigPath() + "/policy.csv"; + File modelFile = new File(modelPath); + File policyFile = new File(policyPath); + if (!modelFile.exists() || !policyFile.exists()) { + enforcer = new Enforcer(); + LOG.warn("model or policy file not exist, please check your config"); + return; + } + enforcer = new Enforcer(modelPath, policyPath); } public boolean accessible(String user, String url, String method) {
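Review bot: When `rbac_model.conf` or `policy.csv` is missing, the constructor falls back to `enforcer = new Enforcer();`, and nothing in this hunk says what `accessible` returns in that state. Whether jCasbin then allows, denies or throws on `enforce` is not visible here, so the authorization outcome for a misconfigured install is left to library behaviour. The intended result should be explicit and documented: if the intent is deny, record the missing configuration and return `false` from `accessible`; if it is "permission checks disabled", say so in the warning and in a class comment. The warning should also include both paths, e.g. `LOG.warn("model {} or policy {} not found", modelPath, policyPath);`. The logger is created with the wrong class and should be `LoggerFactory.getLogger(PermissionManager.class)`. The body of `accessible` continues outside the hunk.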