Example 1 with VisibilityRequest

Use of co.cask.cdap.proto.security.VisibilityRequest in project cdap by caskdata.

The class RemoteAuthorizationEnforcer, method isVisible.

@Override
public Set<? extends EntityId> isVisible(Set<? extends EntityId> entityIds, Principal principal) throws Exception {
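    // When authorization is disabled nothing is filtered: the input set is returned as-is
    // (this return happens before the null check below).
    if (!isSecurityAuthorizationEnabled()) {
        return entityIds;
    }
    Preconditions.checkNotNull(entityIds, "entityIds cannot be null");
    if (cacheEnabled) {
        // Cached path: build one (principal, entity) key per entity, load them all from the cache,
        // and keep only the entries accepted by VISIBILITY_KEYS_FILTER.
        Iterable<VisibilityKey> visibilityKeys = toVisibilityKeys(principal, entityIds);
        ImmutableMap<VisibilityKey, Boolean> visibilityMap = visibilityCache.getAll(visibilityKeys);
        return toEntityIds(Maps.filterEntries(visibilityMap, VISIBILITY_KEYS_FILTER).keySet());
    } else {
        // Uncached path: a single visibilityCheckCall covering the whole entity set.
        return visibilityCheckCall(new VisibilityRequest(principal, entityIds));
    }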
}
Also used: VisibilityRequest (co.cask.cdap.proto.security.VisibilityRequest)

Example 2 with VisibilityRequest

Use of co.cask.cdap.proto.security.VisibilityRequest in project cdap by caskdata.

The class RemoteAuthorizationEnforcer, method loadVisibility.

private Map<VisibilityKey, Boolean> loadVisibility(Iterable<? extends VisibilityKey> keys) throws IOException {
    if (!keys.iterator().hasNext()) {
        return Collections.emptyMap();
    }
    // It is okay to use the first principal here, since an isVisible request always comes for a single principal
    Principal principal = keys.iterator().next().getPrincipal();
    Set<? extends EntityId> visibleEntities = visibilityCheckCall(new VisibilityRequest(principal, toEntityIds(keys)));
    Map<VisibilityKey, Boolean> keyMap = new HashMap<>();
    // Every requested key gets an entry; an entity absent from the returned set is recorded as not visible (false)
    for (VisibilityKey key : keys) {
        keyMap.put(key, visibleEntities.contains(key.getEntityId()));
    }
    return keyMap;
}
Also used: HashMap (java.util.HashMap), VisibilityRequest (co.cask.cdap.proto.security.VisibilityRequest), Principal (co.cask.cdap.proto.security.Principal)

Example 3 with VisibilityRequest

Use of co.cask.cdap.proto.security.VisibilityRequest in project cdap by caskdata.

The class RemotePrivilegesHandler, method isVisible.

@POST
@Path("/isVisible")
public void isVisible(FullHttpRequest request, HttpResponder responder) throws Exception {
    // The principal and the entity set are both read from the JSON request body
    VisibilityRequest visibilityRequest = GSON.fromJson(request.content().toString(StandardCharsets.UTF_8), VisibilityRequest.class);
    Principal principal = visibilityRequest.getPrincipal();
    Set<EntityId> entityIds = visibilityRequest.getEntityIds();
    LOG.trace("Checking visibility for principal {} on entities {}", principal, entityIds);
    // Delegate the check to authorizationEnforcer and return the visible subset as JSON
    Set<? extends EntityId> visibleEntities = authorizationEnforcer.isVisible(entityIds, principal);
    LOG.debug("Returning entities visible for principal {} as {}", principal, visibleEntities);
    responder.sendJson(HttpResponseStatus.OK, GSON.toJson(visibleEntities));
}
Also used: EntityId (co.cask.cdap.proto.id.EntityId), VisibilityRequest (co.cask.cdap.proto.security.VisibilityRequest), Principal (co.cask.cdap.proto.security.Principal), Path (javax.ws.rs.Path), POST (javax.ws.rs.POST)

Aggregations

VisibilityRequest (co.cask.cdap.proto.security.VisibilityRequest): 3
Principal (co.cask.cdap.proto.security.Principal): 2
EntityId (co.cask.cdap.proto.id.EntityId): 1
HashMap (java.util.HashMap): 1
POST (javax.ws.rs.POST): 1
Path (javax.ws.rs.Path): 1