Examples with Role com.hortonworks.streamline.streams.security.catalog.Role used on opensource projects

Search in sources :

Example 1 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogResource method filter.

private Collection<AclEntry> filter(Collection<AclEntry> aclEntries, SecurityContext securityContext) {
    User currentUser = getCurrentUser(securityContext);
    Set<Role> currentUserRoles = catalogService.getAllUserRoles(currentUser);
    boolean isSecurityAdmin = SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    return aclEntries.stream().filter(aclEntry -> isSecurityAdmin || matches(aclEntry, currentUser, currentUserRoles)).collect(Collectors.toSet());
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) Roles(com.hortonworks.streamline.streams.security.Roles) Produces(javax.ws.rs.Produces) Date(java.util.Date) BiFunction(java.util.function.BiFunction) QueryParam(com.hortonworks.registries.common.QueryParam) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) SecurityContext(javax.ws.rs.core.SecurityContext) NewCookie(javax.ws.rs.core.NewCookie) StringUtils(org.apache.commons.lang3.StringUtils) MediaType(javax.ws.rs.core.MediaType) WSUtils(com.hortonworks.streamline.common.util.WSUtils) StreamlineAuthorizer(com.hortonworks.streamline.streams.security.StreamlineAuthorizer) EnumSet(java.util.EnumSet) DELETE(javax.ws.rs.DELETE) SecurityUtil(com.hortonworks.streamline.streams.security.SecurityUtil) WebserviceAuthorizationException(com.hortonworks.streamline.common.exception.service.exception.request.WebserviceAuthorizationException) User(com.hortonworks.streamline.streams.security.catalog.User) Context(javax.ws.rs.core.Context) Permission(com.hortonworks.streamline.streams.security.Permission) OK(javax.ws.rs.core.Response.Status.OK) Collection(java.util.Collection) Set(java.util.Set) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) Cookie(javax.ws.rs.core.Cookie) Timed(com.codahale.metrics.annotation.Timed) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL) List(java.util.List) Principal(java.security.Principal) Response(javax.ws.rs.core.Response) AuthenticationContext(com.hortonworks.streamline.streams.security.AuthenticationContext) UriInfo(javax.ws.rs.core.UriInfo) CREATED(javax.ws.rs.core.Response.Status.CREATED) ROLE_SECURITY_ADMIN(com.hortonworks.streamline.streams.security.Roles.ROLE_SECURITY_ADMIN) PathParam(javax.ws.rs.PathParam) EntityNotFoundException(com.hortonworks.streamline.common.exception.service.exception.request.EntityNotFoundException) GET(javax.ws.rs.GET) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) USER(com.hortonworks.streamline.streams.security.catalog.AclEntry.SidType.USER) UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) ROLE(com.hortonworks.streamline.streams.security.catalog.AclEntry.SidType.ROLE) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) PUT(javax.ws.rs.PUT) RoleHierarchy(com.hortonworks.streamline.streams.security.catalog.RoleHierarchy) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User)

Example 2 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogResource method addOrUpdateRoleUsers.

private Response addOrUpdateRoleUsers(Long roleId, Set<Long> userIds) {
    List<UserRole> userRoles = new ArrayList<>();
    Role roleToQuery = catalogService.getRole(roleId);
    Set<Long> currentUserIds = catalogService.listUsers(roleToQuery).stream().map(User::getId).collect(Collectors.toSet());
    Set<Long> userIdsToAdd = Sets.difference(userIds, currentUserIds);
    Set<Long> userIdsToRemove = Sets.difference(currentUserIds, userIds);
    Sets.intersection(currentUserIds, userIds).forEach(userId -> {
        userRoles.add(new UserRole(userId, roleId));
    });
    userIdsToRemove.forEach(userId -> catalogService.removeUserRole(userId, roleId));
    userIdsToAdd.forEach(userId -> {
        userRoles.add(catalogService.addUserRole(userId, roleId));
    });
    return WSUtils.respondEntities(userRoles, OK);
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) ArrayList(java.util.ArrayList)

Example 3 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogResource method getRoleUsers.

private Response getRoleUsers(Long roleId) {
    Role role = catalogService.getRole(roleId);
    Set<Role> rolesToQuery = new HashSet<>();
    if (role != null) {
        rolesToQuery.add(role);
        rolesToQuery.addAll(catalogService.getChildRoles(roleId));
        Set<User> res = rolesToQuery.stream().flatMap(r -> catalogService.listUsers(r).stream()).collect(Collectors.toSet());
        return WSUtils.respondEntities(res, OK);
    }
    throw EntityNotFoundException.byId(roleId.toString());
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) Roles(com.hortonworks.streamline.streams.security.Roles) Produces(javax.ws.rs.Produces) Date(java.util.Date) BiFunction(java.util.function.BiFunction) QueryParam(com.hortonworks.registries.common.QueryParam) LoggerFactory(org.slf4j.LoggerFactory) Path(javax.ws.rs.Path) SecurityContext(javax.ws.rs.core.SecurityContext) NewCookie(javax.ws.rs.core.NewCookie) StringUtils(org.apache.commons.lang3.StringUtils) MediaType(javax.ws.rs.core.MediaType) WSUtils(com.hortonworks.streamline.common.util.WSUtils) StreamlineAuthorizer(com.hortonworks.streamline.streams.security.StreamlineAuthorizer) EnumSet(java.util.EnumSet) DELETE(javax.ws.rs.DELETE) SecurityUtil(com.hortonworks.streamline.streams.security.SecurityUtil) WebserviceAuthorizationException(com.hortonworks.streamline.common.exception.service.exception.request.WebserviceAuthorizationException) User(com.hortonworks.streamline.streams.security.catalog.User) Context(javax.ws.rs.core.Context) Permission(com.hortonworks.streamline.streams.security.Permission) OK(javax.ws.rs.core.Response.Status.OK) Collection(java.util.Collection) Set(java.util.Set) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) Cookie(javax.ws.rs.core.Cookie) Timed(com.codahale.metrics.annotation.Timed) AuthenticatedURL(org.apache.hadoop.security.authentication.client.AuthenticatedURL) List(java.util.List) Principal(java.security.Principal) Response(javax.ws.rs.core.Response) AuthenticationContext(com.hortonworks.streamline.streams.security.AuthenticationContext) UriInfo(javax.ws.rs.core.UriInfo) CREATED(javax.ws.rs.core.Response.Status.CREATED) ROLE_SECURITY_ADMIN(com.hortonworks.streamline.streams.security.Roles.ROLE_SECURITY_ADMIN) PathParam(javax.ws.rs.PathParam) EntityNotFoundException(com.hortonworks.streamline.common.exception.service.exception.request.EntityNotFoundException) GET(javax.ws.rs.GET) ArrayList(java.util.ArrayList) HashSet(java.util.HashSet) USER(com.hortonworks.streamline.streams.security.catalog.AclEntry.SidType.USER) UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry) Logger(org.slf4j.Logger) POST(javax.ws.rs.POST) ROLE(com.hortonworks.streamline.streams.security.catalog.AclEntry.SidType.ROLE) MultivaluedMap(javax.ws.rs.core.MultivaluedMap) PUT(javax.ws.rs.PUT) RoleHierarchy(com.hortonworks.streamline.streams.security.catalog.RoleHierarchy) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User) HashSet(java.util.HashSet)

Example 4 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogResource method addOrUpdateRole.

@PUT
@Path("/roles/{id}")
@Timed
public Response addOrUpdateRole(@PathParam("id") Long roleId, Role role, @Context SecurityContext securityContext) {
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    Role newRole = catalogService.addOrUpdateRole(roleId, role);
    return WSUtils.respondEntity(newRole, OK);
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) Path(javax.ws.rs.Path) Timed(com.codahale.metrics.annotation.Timed) PUT(javax.ws.rs.PUT)

Example 5 with Role

use of com.hortonworks.streamline.streams.security.catalog.Role in project streamline by hortonworks.

the class SecurityCatalogService method checkUserPermissions.

public boolean checkUserPermissions(String objectNamespace, Long objectId, Long userId, EnumSet<Permission> required) {
    User user = getUser(userId);
    if (user == null) {
        return false;
    }
    EnumSet<Permission> remaining = EnumSet.copyOf(required);
    // try direct user acl entry first
    List<QueryParam> qps = QueryParam.params(AclEntry.OBJECT_NAMESPACE, objectNamespace, AclEntry.OBJECT_ID, String.valueOf(objectId), AclEntry.SID_TYPE, USER.toString(), AclEntry.SID_ID, String.valueOf(userId));
    Collection<AclEntry> acls = listAcls(qps);
    if (acls.size() > 1) {
        throw new IllegalStateException("More than one ACL entry for " + qps);
    } else if (acls.size() == 1) {
        AclEntry aclEntry = acls.iterator().next();
        remaining.removeAll(aclEntry.getPermissions());
    }
    // try role based permissions next
    if (!remaining.isEmpty() && user.getRoles() != null) {
        qps = QueryParam.params(AclEntry.OBJECT_NAMESPACE, objectNamespace, AclEntry.OBJECT_ID, String.valueOf(objectId), AclEntry.SID_TYPE, AclEntry.SidType.ROLE.toString());
        acls = listAcls(qps);
        Set<Role> userRoles = getAllUserRoles(user);
        Iterator<AclEntry> it = acls.iterator();
        while (!remaining.isEmpty() && it.hasNext()) {
            AclEntry roleEntry = it.next();
            if (userRoles.contains(getRole(roleEntry.getSidId()))) {
                remaining.removeAll(roleEntry.getPermissions());
            }
        }
    }
    return remaining.isEmpty();
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User) QueryParam(com.hortonworks.registries.common.QueryParam) Permission(com.hortonworks.streamline.streams.security.Permission) AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry)

Aggregations

Role (com.hortonworks.streamline.streams.security.catalog.Role)17 UserRole (com.hortonworks.streamline.streams.security.catalog.UserRole)14 User (com.hortonworks.streamline.streams.security.catalog.User)9 Timed (com.codahale.metrics.annotation.Timed)6 QueryParam (com.hortonworks.registries.common.QueryParam)6 AclEntry (com.hortonworks.streamline.streams.security.catalog.AclEntry)6 Path (javax.ws.rs.Path)6 Permission (com.hortonworks.streamline.streams.security.Permission)5 RoleHierarchy (com.hortonworks.streamline.streams.security.catalog.RoleHierarchy)4 POST (javax.ws.rs.POST)4 StorableKey (com.hortonworks.registries.storage.StorableKey)3 AuthenticationContext (com.hortonworks.streamline.streams.security.AuthenticationContext)3 Roles (com.hortonworks.streamline.streams.security.Roles)3 SecurityUtil (com.hortonworks.streamline.streams.security.SecurityUtil)3 StreamlineAuthorizer (com.hortonworks.streamline.streams.security.StreamlineAuthorizer)3 ArrayList (java.util.ArrayList)3 EnumSet (java.util.EnumSet)3 Set (java.util.Set)3 Collectors (java.util.stream.Collectors)3 DELETE (javax.ws.rs.DELETE)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial