Examples with Principal co.cask.cdap.proto.security.Principal used on opensource projects

Example 71 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class RemotePrivilegesHandler method listPrivileges.

@POST
@Path("/listPrivileges")
public void listPrivileges(FullHttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    Principal principal = deserializeNext(arguments);
    LOG.trace("Listing privileges for principal {}", principal);
    Set<Privilege> privileges = privilegesManager.listPrivileges(principal);
    LOG.debug("Returning privileges for principal {} as {}", principal, privileges);
    responder.sendJson(HttpResponseStatus.OK, GSON.toJson(privileges));
}

Example 72 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class RemotePrivilegesHandler method isVisible.

@POST
@Path("/isVisible")
public void isVisible(FullHttpRequest request, HttpResponder responder) throws Exception {
    VisibilityRequest visibilityRequest = GSON.fromJson(request.content().toString(StandardCharsets.UTF_8), VisibilityRequest.class);
    Principal principal = visibilityRequest.getPrincipal();
    Set<EntityId> entityIds = visibilityRequest.getEntityIds();
    LOG.trace("Checking visibility for principal {} on entities {}", principal, entityIds);
    Set<? extends EntityId> visiableEntities = authorizationEnforcer.isVisible(entityIds, principal);
    LOG.debug("Returning entities visible for principal {} as {}", principal, visiableEntities);
    responder.sendJson(HttpResponseStatus.OK, GSON.toJson(visiableEntities));
}

Example 73 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class DefaultNamespaceAdmin method get.

/**
 * Gets details of a namespace
 *
 * @param namespaceId the {@link Id.Namespace} of the requested namespace
 * @return the {@link NamespaceMeta} of the requested namespace
 * @throws NamespaceNotFoundException if the requested namespace is not found
 * @throws UnauthorizedException if the namespace is not authorized to the logged-user
 */
@Override
public NamespaceMeta get(NamespaceId namespaceId) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    boolean isAuthorzied = true;
    // See: CDAP-7387
    if (masterShortUserName == null || !masterShortUserName.equals(principal.getName())) {
        try {
            AuthorizationUtil.ensureAccess(namespaceId, authorizationEnforcer, principal);
        } catch (UnauthorizedException e) {
            isAuthorzied = false;
        }
    }
    NamespaceMeta namespaceMeta = null;
    try {
        namespaceMeta = namespaceMetaCache.get(namespaceId);
    } catch (Exception e) {
        if (isAuthorzied) {
            Throwable cause = e.getCause();
            if (cause instanceof NamespaceNotFoundException || cause instanceof IOException || cause instanceof UnauthorizedException) {
                throw (Exception) cause;
            }
            throw e;
        }
    }
    // If the requesting user is same as namespace owner, we do not care about if the user is authorized or not
    if (namespaceMeta != null && principal.getName().equals(namespaceMeta.getConfig().getPrincipal())) {
        return namespaceMeta;
    }
    if (!isAuthorzied) {
        throw new UnauthorizedException(String.format("Namespace %s is not visible to principal %s since the principal does not have any " + "privilege on this namespace or any entity in this namespace.", namespaceId, principal));
    }
    return namespaceMeta;
}

Example 74 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class AuthorizationArtifactRepository method addSystemArtifacts.

@Override
public void addSystemArtifacts() throws Exception {
    // to add system artifacts, users should have admin privileges on the system namespace
    Principal principal = authenticationContext.getPrincipal();
    authorizationEnforcer.enforce(NamespaceId.SYSTEM, principal, Action.ADMIN);
    delegate.addSystemArtifacts();
}

Example 75 with Principal

use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

the class AuthorizationHandlerTest method testRevokeEntityUser.

@Test
public void testRevokeEntityUser() throws Exception {
    Principal adminGroup = new Principal("admin", Principal.PrincipalType.GROUP);
    Principal bob = new Principal("bob", Principal.PrincipalType.USER);
    // grant() and revoke(EntityId, String)
    client.grant(Authorizable.fromEntityId(ns1), adminGroup, ImmutableSet.of(Action.READ));
    client.grant(Authorizable.fromEntityId(ns1), bob, ImmutableSet.of(Action.READ));
    verifyAuthSuccess(ns1, adminGroup, Action.READ);
    verifyAuthSuccess(ns1, bob, Action.READ);
    client.revoke(Authorizable.fromEntityId(ns1), adminGroup, EnumSet.allOf(Action.class));
    verifyAuthFailure(ns1, adminGroup, Action.READ);
    verifyAuthSuccess(ns1, bob, Action.READ);
}