
Example 1 with StreamlineAuthorizer

use of com.hortonworks.streamline.streams.security.StreamlineAuthorizer in project streamline by hortonworks.

the class StreamlineApplication method registerResources.

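/**
 * Wires storage, the authorizer, the authentication request filter and every configured module
 * into the Jersey environment.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 *   <li>The authorizer, the request filter and each module are loaded by class name taken from
 *       the configuration. Anyone who can edit that configuration chooses which classes are
 *       loaded into this process, so the configuration file needs the same write protection as
 *       the application binaries. Each name is checked against the expected type with
 *       {@code asSubclass} before an instance is created; note that {@code Class.forName} still
 *       runs the named class's static initialisers.</li>
 *   <li>A request filter is registered only when an authorizer configuration is present. Without
 *       one, the no-op authorizer is installed and no filter is registered at all; this is
 *       logged at WARN so an accidentally unsecured deployment is visible in the logs.</li>
 *   <li>The HTTP proxy credentials are copied into the init map of every module.</li>
 * </ul>
 *
 * @param configuration application configuration (modules, authorizer, proxy settings)
 * @param environment   environment whose Jersey container receives the resources
 * @param subject       subject passed on to every module under {@code Constants.CONFIG_SUBJECT}
 * @throws ConfigException        declared by this method; the throwing call is not visible here
 * @throws ClassNotFoundException if a configured class name cannot be loaded
 * @throws IllegalAccessException if a configured class or its no-arg constructor is inaccessible
 * @throws InstantiationException if a configured class cannot be instantiated
 * @throws ClassCastException     if a configured class is not of the expected type
 */
private void registerResources(StreamlineConfiguration configuration, Environment environment, Subject subject) throws ConfigException, ClassNotFoundException, IllegalAccessException, InstantiationException {
    StorageManager storageManager = getDao(configuration);
    // Use the storage manager's own transactions when it supports them, otherwise a no-op manager.
    TransactionManager transactionManager;
    if (storageManager instanceof TransactionManager) {
        transactionManager = (TransactionManager) storageManager;
    } else {
        transactionManager = new NOOPTransactionManager();
    }
    environment.jersey().register(new TransactionEventListener(transactionManager, true));
    Collection<Class<? extends Storable>> streamlineEntities = getStorableEntities();
    storageManager.registerStorables(streamlineEntities);
    LOG.info("Registered streamline entities {}", streamlineEntities);
    FileStorage fileStorage = this.getJarStorage(configuration, storageManager);
    // Assumes a DefaultServerFactory whose first application connector is an HttpConnectorFactory;
    // any other server configuration fails here with a ClassCastException or an index error.
    int appPort = ((HttpConnectorFactory) ((DefaultServerFactory) configuration.getServerFactory()).getApplicationConnectors().get(0)).getPort();
    // NOTE(review): replaceFirst rewrites the first "8080" anywhere in the URL (host or path
    // included), not specifically the port component - confirm this is intended.
    String catalogRootUrl = configuration.getCatalogRootUrl().replaceFirst("8080", appPort + "");
    List<ModuleConfiguration> modules = configuration.getModules();
    List<Object> resourcesToRegister = new ArrayList<>();
    // add StreamlineConfigResource
    resourcesToRegister.add(new StreamlineConfigurationResource(configuration));
    // authorizer
    StreamlineAuthorizer authorizer;
    AuthorizerConfiguration authorizerConf = configuration.getAuthorizerConfiguration();
    SecurityCatalogService securityCatalogService = new SecurityCatalogService(storageManager);
    if (authorizerConf != null) {
        // Verify the configured class really is a StreamlineAuthorizer before its constructor runs.
        authorizer = Class.forName(authorizerConf.getClassName()).asSubclass(StreamlineAuthorizer.class).newInstance();
        Map<String, Object> authorizerConfig = new HashMap<>();
        authorizerConfig.put(DefaultStreamlineAuthorizer.CONF_CATALOG_SERVICE, securityCatalogService);
        authorizerConfig.put(DefaultStreamlineAuthorizer.CONF_ADMIN_PRINCIPALS, authorizerConf.getAdminPrincipals());
        authorizer.init(authorizerConfig);
        String filterClazzName = authorizerConf.getContainerRequestFilter();
        ContainerRequestFilter filter;
        if (StringUtils.isEmpty(filterClazzName)) {
            // default
            filter = new StreamlineKerberosRequestFilter();
        } else {
            // A configured filter replaces the Kerberos default rather than adding to it, so
            // request authentication is exactly as strong as the configured class.
            filter = Class.forName(filterClazzName).asSubclass(ContainerRequestFilter.class).newInstance();
        }
        LOG.info("Registering ContainerRequestFilter: {}", filter.getClass().getCanonicalName());
        environment.jersey().register(filter);
    } else {
        // No request filter is registered on this path. NoopAuthorizer presumably allows every
        // operation (confirm against its implementation), so this is surfaced as a warning.
        LOG.warn("Authorizer config not set, setting noop authorizer");
        String noopAuthorizerClassName = "com.hortonworks.streamline.streams.security.impl.NoopAuthorizer";
        authorizer = Class.forName(noopAuthorizerClassName).asSubclass(StreamlineAuthorizer.class).newInstance();
    }
    for (ModuleConfiguration moduleConfiguration : modules) {
        String moduleName = moduleConfiguration.getName();
        String moduleClassName = moduleConfiguration.getClassName();
        LOG.info("Registering module [{}] with class [{}]", moduleName, moduleClassName);
        // Type-check the configured module class before creating an instance of it.
        ModuleRegistration moduleRegistration = Class.forName(moduleClassName).asSubclass(ModuleRegistration.class).newInstance();
        if (moduleConfiguration.getConfig() == null) {
            moduleConfiguration.setConfig(new HashMap<String, Object>());
        }
        if (moduleName.equals(Constants.CONFIG_STREAMS_MODULE)) {
            moduleConfiguration.getConfig().put(Constants.CONFIG_CATALOG_ROOT_URL, catalogRootUrl);
        }
        // Work on a copy so the security objects added below never end up in the module's own
        // configuration map.
        Map<String, Object> initConfig = new HashMap<>(moduleConfiguration.getConfig());
        initConfig.put(Constants.CONFIG_AUTHORIZER, authorizer);
        initConfig.put(Constants.CONFIG_SECURITY_CATALOG_SERVICE, securityCatalogService);
        initConfig.put(Constants.CONFIG_SUBJECT, subject);
        // Legacy location: proxy settings found under a module are promoted to the top-level
        // configuration when no top-level proxy URL is set.
        if ((initConfig.get("proxyUrl") != null) && (configuration.getHttpProxyUrl() == null || configuration.getHttpProxyUrl().isEmpty())) {
            LOG.warn("Please move proxyUrl, proxyUsername and proxyPassword configuration properties under streams module to httpProxyUrl, " + "httpProxyUsername and httpProxyPassword respectively at top level in your streamline.yaml");
            configuration.setHttpProxyUrl((String) initConfig.get("proxyUrl"));
            configuration.setHttpProxyUsername((String) initConfig.get("proxyUsername"));
            configuration.setHttpProxyPassword((String) initConfig.get("proxyPassword"));
        }
        // pass http proxy information from top level config to each module. Up to them how they want to use it. Currently used in StreamsModule
        // The map now holds the proxy password in clear text; modules must not log or expose it.
        initConfig.put(Constants.CONFIG_HTTP_PROXY_URL, configuration.getHttpProxyUrl());
        initConfig.put(Constants.CONFIG_HTTP_PROXY_USERNAME, configuration.getHttpProxyUsername());
        initConfig.put(Constants.CONFIG_HTTP_PROXY_PASSWORD, configuration.getHttpProxyPassword());
        moduleRegistration.init(initConfig, fileStorage);
        if (moduleRegistration instanceof StorageManagerAware) {
            LOG.info("Module [{}] is StorageManagerAware and setting StorageManager.", moduleName);
            StorageManagerAware storageManagerAware = (StorageManagerAware) moduleRegistration;
            storageManagerAware.setStorageManager(storageManager);
        }
        if (moduleRegistration instanceof TransactionManagerAware) {
            LOG.info("Module [{}] is TransactionManagerAware and setting TransactionManager.", moduleName);
            TransactionManagerAware transactionManagerAware = (TransactionManagerAware) moduleRegistration;
            transactionManagerAware.setTransactionManager(transactionManager);
        }
        resourcesToRegister.addAll(moduleRegistration.getResources());
    }
    LOG.info("Registering resources to Jersey environment: [{}]", resourcesToRegister);
    for (Object resource : resourcesToRegister) {
        environment.jersey().register(resource);
    }
    environment.jersey().register(MultiPartFeature.class);
    // Serve a static page for 401 responses.
    final ErrorPageErrorHandler errorPageErrorHandler = new ErrorPageErrorHandler();
    errorPageErrorHandler.addErrorPage(Response.Status.UNAUTHORIZED.getStatusCode(), "/401.html");
    environment.getApplicationContext().setErrorHandler(errorPageErrorHandler);
}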
Also used : ErrorPageErrorHandler(org.eclipse.jetty.servlet.ErrorPageErrorHandler) HashMap(java.util.HashMap) StorageManager(com.hortonworks.registries.storage.StorageManager) ArrayList(java.util.ArrayList) StreamlineAuthorizer(com.hortonworks.streamline.streams.security.StreamlineAuthorizer) DefaultStreamlineAuthorizer(com.hortonworks.streamline.streams.security.impl.DefaultStreamlineAuthorizer) Storable(com.hortonworks.registries.storage.Storable) AuthorizerConfiguration(com.hortonworks.streamline.webservice.configurations.AuthorizerConfiguration) ModuleConfiguration(com.hortonworks.streamline.webservice.configurations.ModuleConfiguration) StreamlineKerberosRequestFilter(com.hortonworks.streamline.streams.security.authentication.StreamlineKerberosRequestFilter) NOOPTransactionManager(com.hortonworks.registries.storage.NOOPTransactionManager) TransactionEventListener(com.hortonworks.registries.storage.transaction.TransactionEventListener) StreamlineConfigurationResource(com.hortonworks.streamline.webservice.resources.StreamlineConfigurationResource) SecurityCatalogService(com.hortonworks.streamline.streams.security.service.SecurityCatalogService) NOOPTransactionManager(com.hortonworks.registries.storage.NOOPTransactionManager) TransactionManager(com.hortonworks.registries.storage.TransactionManager) StorageManagerAware(com.hortonworks.registries.storage.StorageManagerAware) HttpConnectorFactory(io.dropwizard.jetty.HttpConnectorFactory) ContainerRequestFilter(javax.ws.rs.container.ContainerRequestFilter) TransactionManagerAware(com.hortonworks.registries.storage.TransactionManagerAware) FileStorage(com.hortonworks.registries.common.util.FileStorage) ModuleRegistration(com.hortonworks.streamline.common.ModuleRegistration) DefaultServerFactory(io.dropwizard.server.DefaultServerFactory)

Example 2 with StreamlineAuthorizer

use of com.hortonworks.streamline.streams.security.StreamlineAuthorizer in project streamline by hortonworks.

the class StreamsModule method getResources.

/**
 * Builds the services behind the streams module and returns the REST resources that expose them.
 *
 * <p>The authorizer, security catalog service and subject are read from {@code config}
 * (presumably the map handed to this module at init time - confirm against the caller). A
 * missing authorizer is a hard failure: no resource is returned without one.
 *
 * @return the resource instances for this module, in registration order
 * @throws IllegalStateException if no authorizer is present in the configuration
 */
@Override
public List<Object> getResources() {
    String rootUrl = (String) config.get(Constants.CONFIG_CATALOG_ROOT_URL);
    // Authorized subject
    Subject authorizedSubject = (Subject) config.get(Constants.CONFIG_SUBJECT);

    // Backing services. Construction order is kept exactly as is because the constructors are
    // not visible here and may have side effects.
    MLModelRegistryClient modelRegistry = new MLModelRegistryClient(rootUrl, authorizedSubject);
    StreamCatalogService streamCatalog = new StreamCatalogService(storageManager, fileStorage, modelRegistry);
    EnvironmentService environments = new EnvironmentService(storageManager);
    TagClient tags = new TagClient(rootUrl);
    CatalogService catalog = new CatalogService(storageManager, fileStorage, tags);
    TopologyActionsService topologyActions = new TopologyActionsService(streamCatalog, environments, fileStorage, modelRegistry, config, authorizedSubject, transactionManager);
    TopologyMetricsService topologyMetrics = new TopologyMetricsService(environments, authorizedSubject);
    TopologyLogSearchService topologyLogSearch = new TopologyLogSearchService(environments, authorizedSubject);
    environments.addNamespaceAwareContainer(topologyActions);
    environments.addNamespaceAwareContainer(topologyMetrics);
    environments.addNamespaceAwareContainer(topologyLogSearch);

    // authorizer: refuse to expose any resource when none was supplied
    StreamlineAuthorizer authorizer = (StreamlineAuthorizer) config.get(Constants.CONFIG_AUTHORIZER);
    if (authorizer == null) {
        throw new IllegalStateException("Authorizer not set");
    }
    // NOTE(review): unlike the authorizer, the security catalog service is not null-checked
    // before it is passed on - confirm the callees tolerate null or that it is always set.
    SecurityCatalogService securityCatalog = (SecurityCatalogService) config.get(Constants.CONFIG_SECURITY_CATALOG_SERVICE);

    List<Object> resources = new ArrayList<>();
    resources.addAll(getAuthorizerResources(authorizer, securityCatalog));
    resources.add(new MetricsResource(authorizer, streamCatalog, topologyMetrics));
    resources.addAll(getClusterRelatedResources(authorizer, environments));
    resources.add(new FileCatalogResource(authorizer, catalog));
    resources.addAll(getTopologyRelatedResources(authorizer, streamCatalog, environments, topologyActions, topologyMetrics, topologyLogSearch, securityCatalog, authorizedSubject));
    resources.add(new UDFCatalogResource(authorizer, streamCatalog, fileStorage));
    resources.addAll(getNotificationsRelatedResources(authorizer, streamCatalog));
    // NOTE(review): SchemaResource is the only resource here constructed without the
    // authorizer - confirm its endpoints are meant to be served without authorization checks.
    resources.add(new SchemaResource(createSchemaRegistryClient()));
    resources.addAll(getServiceMetadataResources(authorizer, environments, authorizedSubject));
    resources.add(new NamespaceCatalogResource(authorizer, streamCatalog, topologyActions, environments));
    resources.add(new SearchCatalogResource(authorizer, streamCatalog, environments, topologyActions, topologyMetrics));

    watchFiles(streamCatalog);
    setupPlaceholderEntities(streamCatalog, environments);
    return resources;
}
Also used : TopologyActionsService(com.hortonworks.streamline.streams.actions.topology.service.TopologyActionsService) TagClient(com.hortonworks.streamline.registries.tag.client.TagClient) ArrayList(java.util.ArrayList) SecurityCatalogService(com.hortonworks.streamline.streams.security.service.SecurityCatalogService) CatalogService(com.hortonworks.streamline.streams.catalog.service.CatalogService) StreamCatalogService(com.hortonworks.streamline.streams.catalog.service.StreamCatalogService) MLModelRegistryClient(com.hortonworks.streamline.registries.model.client.MLModelRegistryClient) StreamlineAuthorizer(com.hortonworks.streamline.streams.security.StreamlineAuthorizer) Subject(javax.security.auth.Subject) TopologyMetricsService(com.hortonworks.streamline.streams.metrics.topology.service.TopologyMetricsService) StreamCatalogService(com.hortonworks.streamline.streams.catalog.service.StreamCatalogService) SecurityCatalogService(com.hortonworks.streamline.streams.security.service.SecurityCatalogService) EnvironmentService(com.hortonworks.streamline.streams.cluster.service.EnvironmentService) TopologyLogSearchService(com.hortonworks.streamline.streams.logsearch.topology.service.TopologyLogSearchService)
