use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class CassandraTokenValidator method foreignTokenCacheLookup.
/**
 * Resolves the user behind a foreign token from the locally cached copy of that token.
 *
 * @param tw on-the-wire form of the token to look up
 * @return the user record resolved from the cached token, or null when no cached {@code Token}
 *         exists for it or when the cached entry is no longer within its expiration time
 */
private StorageOSUserDAO foreignTokenCacheLookup(TokenOnWire tw) {
    BaseToken cached = fetchTokenLocal(tw);
    // instanceof is false for null, so a miss and a non-Token entry both end here.
    if (!(cached instanceof Token)) {
        _log.info("Token: no hit from cache");
        return null;
    }
    Token token = (Token) cached;
    Long expiresAt = token.getCacheExpirationTime();
    // A missing expiration time is treated like an expired entry: the cache fails closed and
    // the caller gets no user from it.
    // NOTE(review): presumably both sides of the comparison are in minutes; confirm against
    // the code that sets the cache expiration time.
    boolean stillValid = expiresAt != null && expiresAt > getCurrentTimeInMins();
    if (!stillValid) {
        _log.info("Cache expired for foreign token {}", token.getId());
        return null;
    }
    // resolveUser may come back empty; the log line below covers that case and null is returned.
    StorageOSUserDAO user = resolveUser(token);
    _log.info("Got user from cached token: {}", user != null ? user.getUserName() : "no hit from cache");
    return user;
}
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class CassandraTokenManager method deleteAllTokensForUser.
/**
 * Deletes every token held by the given user and marks the user's records for deletion.
 *
 * <p>Proxy tokens are removed only when {@code includeProxyTokens} is true. When it is false, a
 * user record is marked for deletion only if it has no proxy tokens; a record that still owns
 * proxy tokens is left in place.
 *
 * @param userName user whose tokens are revoked; lower-cased before the record lookup
 * @param includeProxyTokens whether the user's proxy tokens are deleted as well
 * @throws SecurityException built by {@code exceptionDuringTokenDeletionForUser} when a
 *         {@code DatabaseException} is raised during the deletion
 */
@Override
public void deleteAllTokensForUser(String userName, boolean includeProxyTokens) {
    try {
        // NOTE(review): toLowerCase() folds with the default locale; confirm user records are
        // stored with the same folding, otherwise this lookup can miss records and leave
        // their tokens valid.
        for (StorageOSUserDAO userRecord : getUserRecords(userName.toLowerCase())) {
            // NOTE(review): token ids go to the info log here; confirm an id on its own
            // cannot be presented as a credential.
            for (Token token : getTokensForUserId(userRecord.getId())) {
                _log.info("Removing token {} using userDAO {} for username {}",
                        new String[] { token.getId().toString(), userRecord.getId().toString(), userName });
                _dbClient.removeObject(token);
                cleanUpRequestedTokenMap(token);
            }

            // Fetched in both modes: the "keep proxy tokens" path still needs to know whether
            // any exist before it may retire the user record.
            List<ProxyToken> proxyTokens = getProxyTokensForUserId(userRecord.getId());
            if (!includeProxyTokens) {
                if (proxyTokens.isEmpty()) {
                    _log.info("No proxy tokens found. Marking for deletion: user record {} for username {}",
                            userRecord.getId().toString(), userName);
                    _dbClient.markForDeletion(userRecord);
                }
                // Proxy tokens still reference this record, so it stays.
                continue;
            }

            for (ProxyToken proxyToken : proxyTokens) {
                _log.info("Removing proxy token {} using userDAO {} for username {}",
                        new String[] { proxyToken.getId().toString(), userRecord.getId().toString(), userName });
                _dbClient.removeObject(proxyToken);
            }
            _log.info("Marking for deletion: user record {} for username {}", userRecord.getId().toString(), userName);
            _dbClient.markForDeletion(userRecord);
        }
    } catch (DatabaseException ex) {
        throw SecurityException.fatals.exceptionDuringTokenDeletionForUser(userName, ex);
    }
}
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class CustomAuthenticationManager method refreshUser.
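/**
 * Re-reads the named user from the first authentication provider whose handler supports
 * username/password credentials and updates the stored user records with the result.
 *
 * <p>If the provider no longer knows the user, all of the user's tokens (proxy tokens included)
 * are deleted before the failure is reported. A failure to reach or bind to the directory
 * does not delete tokens. Only the first supporting provider is consulted, because every path
 * inside the loop returns or throws.
 *
 * @param username name of the user to refresh
 * @throws SecurityException when the lookup fails with LDAP_CONNECTION_FAILED or
 *         LDAP_MANAGER_AUTH_FAILED
 * @throws BadRequestException when the user has no records in the database, can no longer be
 *         found by the provider, or no handler supports the credentials
 */
@Override
public void refreshUser(String username) throws SecurityException, BadRequestException {
    // The empty password is never checked: within this method the credentials are only passed
    // to supports() and to the attribute lookup, not to authenticate().
    UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(username, "");
    for (AuthenticationProvider provider : getAuthenticationProviders()) {
        StorageOSAuthenticationHandler authenticationHandler = provider.getHandler();
        if (!authenticationHandler.supports(credentials)) {
            continue;
        }
        List<StorageOSUserDAO> userDAOs = _tokenManager.getUserRecords(username);
        if (CollectionUtils.isEmpty(userDAOs)) {
            // Parameterized form; the concatenated original ran the name into "does".
            // NOTE(review): username is caller-supplied; confirm the log layout encodes
            // line breaks in parameters.
            _log.error("user {} does not exist in database", username);
            throw APIException.badRequests.invalidParameter("username", username);
        }
        // Pre-set to "not found" so that a null result with no more specific reason is handled
        // as a user that no longer exists.
        ValidationFailureReason[] failureReason =
                new ValidationFailureReason[] { ValidationFailureReason.USER_OR_GROUP_NOT_FOUND_FOR_TENANT };
        StorageOSPersonAttributeDao attributeRepository = provider.getAttributeRepository();
        final StorageOSUserDAO userDAO = attributeRepository.getStorageOSUser(credentials, failureReason);
        if (userDAO == null) {
            // Directory outages and manager-bind failures say nothing about the user, so
            // they are reported without revoking any tokens.
            if (failureReason[0] == ValidationFailureReason.LDAP_CONNECTION_FAILED) {
                throw SecurityException.fatals.communicationToLDAPResourceFailed();
            }
            if (failureReason[0] == ValidationFailureReason.LDAP_MANAGER_AUTH_FAILED) {
                throw SecurityException.fatals.ldapManagerAuthenticationFailed();
            }
            // We couldn't find the user, which means it is no longer valid, so the user
            // is logged out by deleting all of its tokens.
            _tokenManager.deleteAllTokensForUser(username, true);
            throw APIException.badRequests.principalSearchFailed(username);
        }
        // update the user records in the DB
        _tokenManager.updateDBWithUser(userDAO, userDAOs);
        return;
    }
    // we don't have a handler that supports the given credentials
    _log.error("Unsupported credentials {}", username);
    _tokenManager.deleteAllTokensForUser(username, true);
    // failed to refresh
    throw APIException.badRequests.principalSearchFailed(username);
}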
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class CustomAuthenticationManager method authenticate.
/**
 * Tries each configured authentication provider in turn and returns the user record from the
 * first one whose handler both supports and accepts the credentials.
 *
 * @param credentials credentials presented by the caller
 * @return the authenticated user's record, or null when every supporting handler rejected
 *         the credentials or no handler supports them
 */
@Override
public StorageOSUserDAO authenticate(final Credentials credentials) {
    boolean anyHandlerSupported = false;
    for (AuthenticationProvider provider : getAuthenticationProviders()) {
        StorageOSAuthenticationHandler handler = provider.getHandler();
        StorageOSPersonAttributeDao attributes = provider.getAttributeRepository();
        if (handler.supports(credentials)) {
            anyHandlerSupported = true;
            String handlerName = handler.getClass().getName();
            // Credentials reach the log only through logFormat().
            // NOTE(review): confirm logFormat() never renders the password.
            if (!handler.authenticate(credentials)) {
                // A rejection by one provider is not final; later providers still get a try.
                _log.info("{} failed to authenticate {}", handlerName, logFormat(credentials));
                continue;
            }
            _log.info("{} successfully authenticated {}", handlerName, logFormat(credentials));
            final StorageOSUserDAO user = attributes.getStorageOSUser(credentials);
            _log.info("Authenticated {}.", user);
            // NOTE(review): user is dereferenced here; if getStorageOSUser can return null
            // this line throws instead of returning. Also confirm that the attribute map
            // is acceptable content for debug logs.
            _log.debug("Attribute map for {}: {}", user, user.getAttributes());
            return user;
        }
    }
    // Both outcomes return null; only the log line tells a rejection apart from credentials
    // that no handler supports.
    _log.error(anyHandlerSupported ? "Failed to authenticate {}" : "Unsupported credentials {}",
            logFormat(credentials));
    return null;
}
use of com.emc.storageos.db.client.model.StorageOSUserDAO in project coprhd-controller by CoprHD.
the class StorageOSLdapPersonAttributeDao method validateUser.
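/**
 * Checks that the user can be looked up and belongs to the given tenant or to the alternate
 * tenant.
 *
 * @param userId name of the user to validate
 * @param tenantId tenant the user is expected to belong to
 * @param altTenantId second tenant that is also accepted; ignored when null
 * @throws RuntimeException the exception built by
 *         {@code APIException.badRequests.principalSearchFailed} when the user is not
 *         found, has no tenant id, or belongs to neither tenant
 * @see com.emc.storageos.auth.StorageOSPersonAttributeDao#validateUser
 */
@Override
public void validateUser(final String userId, final String tenantId, final String altTenantId) {
    // Lookup only: the empty password is not verified anywhere in this method.
    UsernamePasswordCredentials creds = new UsernamePasswordCredentials(userId, "");
    StorageOSUserDAO user = getStorageOSUser(creds);
    // The user must not be null and must have a tenant id. Enforce that explicitly so a
    // failed lookup is reported as a failed principal search rather than as a
    // NullPointerException.
    if (user == null || user.getTenantId() == null) {
        throw APIException.badRequests.principalSearchFailed(userId);
    }
    boolean belongsToTenant = user.getTenantId().equals(tenantId);
    boolean belongsToAltTenant = (altTenantId != null) && user.getTenantId().equals(altTenantId);
    if (!(belongsToTenant || belongsToAltTenant)) {
        throw APIException.badRequests.principalSearchFailed(userId);
    }
}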