Example 41 with Principal

Use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

Class AuthorizationHandler, method removeRoleFromPrincipal.

@Path("/{principal-type}/{principal-name}/roles/{role-name}")
@DELETE
public void removeRoleFromPrincipal(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("principal-type") String principalType, @PathParam("principal-name") String principalName, @PathParam("role-name") String roleName) throws Exception {
    ensureSecurityEnabled();
    Principal principal = new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase()));
    authorizer.removeRoleFromPrincipal(new Role(roleName), principal);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, HttpResponseStatus.OK);
}
Also used : Role(co.cask.cdap.proto.security.Role) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Example 42 with Principal

Use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

Class RemotePrivilegesHandler, method revoke.

@POST
@Path("/revoke")
public void revoke(FullHttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    Principal principal = deserializeNext(arguments);
    Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
    LOG.trace("Revoking {} on {} from {}", actions, entityId, principal);
    privilegesManager.revoke(Authorizable.fromEntityId(entityId), principal, actions);
    LOG.info("Revoked {} on {} from {} successfully", actions, entityId, principal);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Action(co.cask.cdap.proto.security.Action) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 43 with Principal

Use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

Class RemotePrivilegesHandler, method grant.

@POST
@Path("/grant")
public void grant(FullHttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    EntityId entityId = deserializeNext(arguments);
    Principal principal = deserializeNext(arguments);
    Set<Action> actions = deserializeNext(arguments, SET_OF_ACTIONS);
    LOG.trace("Granting {} on {} to {}", actions, entityId, principal);
    privilegesManager.grant(Authorizable.fromEntityId(entityId), principal, actions);
    LOG.info("Granted {} on {} to {} successfully", actions, entityId, principal);
    responder.sendStatus(HttpResponseStatus.OK);
}
Also used : EntityId(co.cask.cdap.proto.id.EntityId) Action(co.cask.cdap.proto.security.Action) MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 44 with Principal

Use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

Class RemotePrivilegesHandler, method listPrivileges.

@POST
@Path("/listPrivileges")
public void listPrivileges(HttpRequest request, HttpResponder responder) throws Exception {
    Iterator<MethodArgument> arguments = parseArguments(request);
    Principal principal = deserializeNext(arguments);
    LOG.trace("Listing privileges for principal {}", principal);
    Set<Privilege> privileges = privilegesManager.listPrivileges(principal);
    LOG.debug("Returning privileges for principal {} as {}", principal, privileges);
    responder.sendJson(HttpResponseStatus.OK, privileges);
}
Also used : MethodArgument(co.cask.cdap.common.internal.remote.MethodArgument) AuthorizationPrivilege(co.cask.cdap.proto.security.AuthorizationPrivilege) Privilege(co.cask.cdap.proto.security.Privilege) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST)

Example 45 with Principal

Use of co.cask.cdap.proto.security.Principal in project cdap by caskdata.

Class DatasetTypeService, method deleteAll.

/**
 * Deletes all {@link DatasetModuleMeta dataset modules} in the specified {@link NamespaceId namespace}.
 */
void deleteAll(NamespaceId namespaceId) throws Exception {
    Principal principal = authenticationContext.getPrincipal();
    authorizationEnforcer.enforce(namespaceId, principal, Action.ADMIN);
    if (NamespaceId.SYSTEM.equals(namespaceId)) {
        throw new UnauthorizedException(String.format("Cannot delete modules from '%s' namespace.", namespaceId));
    }
    ensureNamespaceExists(namespaceId);
    // revoke all privileges on all modules
    for (DatasetModuleMeta meta : typeManager.getModules(namespaceId)) {
        privilegesManager.revoke(namespaceId.datasetModule(meta.getName()));
    }
    try {
        typeManager.deleteModules(namespaceId);
    } catch (DatasetModuleConflictException e) {
        throw new ConflictException(e.getMessage(), e);
    }
}
Also used : DatasetModuleConflictException(co.cask.cdap.data2.datafabric.dataset.type.DatasetModuleConflictException) DatasetModuleMeta(co.cask.cdap.proto.DatasetModuleMeta) ConflictException(co.cask.cdap.common.ConflictException) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) Principal(co.cask.cdap.proto.security.Principal)

Aggregations

Principal (co.cask.cdap.proto.security.Principal): 76
EntityId (co.cask.cdap.proto.id.EntityId): 22
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException): 16
Action (co.cask.cdap.proto.security.Action): 13
NamespaceId (co.cask.cdap.proto.id.NamespaceId): 12
IOException (java.io.IOException): 12
Path (javax.ws.rs.Path): 11
Test (org.junit.Test): 9
Role (co.cask.cdap.proto.security.Role): 8
POST (javax.ws.rs.POST): 7
MethodArgument (co.cask.cdap.common.internal.remote.MethodArgument): 6
DatasetModuleMeta (co.cask.cdap.proto.DatasetModuleMeta): 5
KerberosPrincipalId (co.cask.cdap.proto.id.KerberosPrincipalId): 5
Privilege (co.cask.cdap.proto.security.Privilege): 5
DatasetManagementException (co.cask.cdap.api.dataset.DatasetManagementException): 4
NamespaceNotFoundException (co.cask.cdap.common.NamespaceNotFoundException): 4
SecureKeyId (co.cask.cdap.proto.id.SecureKeyId): 4
DatasetSpecification (co.cask.cdap.api.dataset.DatasetSpecification): 3
DatasetModuleConflictException (co.cask.cdap.data2.datafabric.dataset.type.DatasetModuleConflictException): 3
DatasetTypeMeta (co.cask.cdap.proto.DatasetTypeMeta): 3