Example 6 with Role

use of co.cask.cdap.proto.security.Role in project cdap by caskdata.

the class AuthorizationHandler method dropRole.

@Path("/roles/{role-name}")
@DELETE
public void dropRole(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("role-name") String roleName) throws Exception {
    ensureSecurityEnabled();
    authorizer.dropRole(new Role(roleName));
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, HttpResponseStatus.OK);
}
Also used : Role(co.cask.cdap.proto.security.Role) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Example 7 with Role

use of co.cask.cdap.proto.security.Role in project cdap by caskdata.

the class AuthorizationHandler method removeRoleFromPrincipal.

@Path("/{principal-type}/{principal-name}/roles/{role-name}")
@DELETE
public void removeRoleFromPrincipal(HttpRequest httpRequest, HttpResponder httpResponder, @PathParam("principal-type") String principalType, @PathParam("principal-name") String principalName, @PathParam("role-name") String roleName) throws Exception {
    ensureSecurityEnabled();
    Principal principal = new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase()));
    authorizer.removeRoleFromPrincipal(new Role(roleName), principal);
    httpResponder.sendStatus(HttpResponseStatus.OK);
    createLogEntry(httpRequest, HttpResponseStatus.OK);
}
Also used : Role(co.cask.cdap.proto.security.Role) Principal(co.cask.cdap.proto.security.Principal) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE)

Example 8 with Role

use of co.cask.cdap.proto.security.Role in project cdap by caskdata.

the class RemoveRoleFromPrincipalCommand method perform.

@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    String roleName = arguments.get("role-name");
    String principalType = arguments.get("principal-type");
    String principalName = arguments.get("principal-name");
    client.removeRoleFromPrincipal(new Role(roleName), new Principal(principalName, Principal.PrincipalType.valueOf(principalType.toUpperCase())));
    output.printf("Successfully removed role '%s' from %s '%s'\n", roleName, principalType, principalName);
}
Also used : Role(co.cask.cdap.proto.security.Role) Principal(co.cask.cdap.proto.security.Principal)

Example 9 with Role

use of co.cask.cdap.proto.security.Role in project cdap by caskdata.

the class DropRoleCommand method perform.

@Override
public void perform(Arguments arguments, PrintStream output) throws Exception {
    String roleName = arguments.get("role-name");
    client.dropRole(new Role(roleName));
    output.printf("Successfully dropped role '%s'\n", roleName);
}
Also used : Role(co.cask.cdap.proto.security.Role)

Example 10 with Role

use of co.cask.cdap.proto.security.Role in project cdap by caskdata.

the class InMemoryAuthorizer method enforce.

@Override
public void enforce(EntityId entity, Principal principal, Set<Action> actions) throws UnauthorizedException {
    // super users do not have any enforcement
    if (superUsers.contains(principal) || superUsers.contains(allSuperUsers)) {
        return;
    }
    // actions allowed for this principal
    Set<Action> allowed = getActions(entity, principal);
    if (allowed.containsAll(actions)) {
        return;
    }
    Set<Action> allowedForRoles = new HashSet<>();
    // actions allowed for any of the roles to which this principal belongs, if it is not itself a role
    if (principal.getType() != Principal.PrincipalType.ROLE) {
        for (Role role : getRoles(principal)) {
            allowedForRoles.addAll(getActions(entity, role));
        }
    }
    if (!allowedForRoles.containsAll(actions)) {
        throw new UnauthorizedException(principal, Sets.difference(actions, allowed), entity);
    }
}
Also used : Role(co.cask.cdap.proto.security.Role) Action(co.cask.cdap.proto.security.Action) UnauthorizedException(co.cask.cdap.security.spi.authorization.UnauthorizedException) HashSet(java.util.HashSet)

Aggregations

Role (co.cask.cdap.proto.security.Role): 15
Principal (co.cask.cdap.proto.security.Principal): 8
Path (javax.ws.rs.Path): 4
NamespaceId (co.cask.cdap.proto.id.NamespaceId): 3
Privilege (co.cask.cdap.proto.security.Privilege): 3
HashSet (java.util.HashSet): 3
Test (org.junit.Test): 3
AlreadyExistsException (co.cask.cdap.security.spi.authorization.AlreadyExistsException): 2
UnauthorizedException (co.cask.cdap.security.spi.authorization.UnauthorizedException): 2
DELETE (javax.ws.rs.DELETE): 2
PUT (javax.ws.rs.PUT): 2
RowMaker (co.cask.cdap.cli.util.RowMaker): 1
Table (co.cask.cdap.cli.util.table.Table): 1
AuthorizationClient (co.cask.cdap.client.AuthorizationClient): 1
FeatureDisabledException (co.cask.cdap.common.FeatureDisabledException): 1
NotFoundException (co.cask.cdap.common.NotFoundException): 1
UnauthenticatedException (co.cask.cdap.common.UnauthenticatedException): 1
CommonNettyHttpServiceBuilder (co.cask.cdap.common.http.CommonNettyHttpServiceBuilder): 1
Action (co.cask.cdap.proto.security.Action): 1
MasterAuthenticationContext (co.cask.cdap.security.auth.context.MasterAuthenticationContext): 1