
Example 6 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

The class SecurityCatalogResource, method deleteUser (REST endpoint; restricted to ROLE_SECURITY_ADMIN).

@DELETE
@Path("/users/{id}")
@Timed
/**
 * Deletes the user identified by the path {@code id}.
 *
 * Authorization: only callers holding {@code ROLE_SECURITY_ADMIN} get past
 * {@link SecurityUtil#checkRole}; the call is relied on to abort the request for
 * anyone else (presumably with an authorization exception — not visible here).
 *
 * NOTE(review): nothing in this method stops a security admin from removing their
 * own account or the last remaining admin; confirm whether
 * {@code catalogService.removeUser} enforces that, or add a guard here.
 *
 * @param userId          id from the URL path
 * @param securityContext caller identity supplied by JAX-RS
 * @return 200 with the removed {@link User} entity
 * @throws EntityNotFoundException if no user existed under {@code userId}
 */
public Response deleteUser(@PathParam("id") Long userId, @Context SecurityContext securityContext) {
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    User removed = catalogService.removeUser(userId);
    if (removed == null) {
        // Nothing was stored under this id: report it as not found rather than as success.
        throw EntityNotFoundException.byId(userId.toString());
    }
    return WSUtils.respondEntity(removed, OK);
}

Example 7 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

The class SecurityCatalogResource, method addOrUpdateUser (REST endpoint; restricted to ROLE_SECURITY_ADMIN).

@PUT
@Path("/users/{id}")
@Timed
/**
 * Creates or replaces the user stored under the path {@code id} with the request body.
 *
 * Authorization: only {@code ROLE_SECURITY_ADMIN} callers pass
 * {@link SecurityUtil#checkRole}. Because the body is caller-controlled (including any
 * role membership it carries), this endpoint must stay admin-only.
 *
 * NOTE(review): the path {@code id} and any id inside the body are reconciled — if at
 * all — inside {@code catalogService.addOrUpdateUser}; confirm the path value wins so
 * a request cannot modify a different user than the URL names.
 *
 * @param userId          id from the URL path
 * @param user            user entity parsed from the request body
 * @param securityContext caller identity supplied by JAX-RS
 * @return 200 with the stored {@link User} entity
 */
public Response addOrUpdateUser(@PathParam("id") Long userId, User user, @Context SecurityContext securityContext) {
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    return WSUtils.respondEntity(catalogService.addOrUpdateUser(userId, user), OK);
}

Example 8 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

The class SecurityCatalogResource, private helper getRoleUsers (no authorization check of its own; the calling endpoint must enforce it).

/**
 * Lists every user that belongs to the given role or to any of its child roles.
 *
 * This is a private helper and performs NO authorization check itself; whichever
 * public endpoint calls it is responsible for gating access to membership data.
 *
 * @param roleId id of the role to expand
 * @return 200 with the de-duplicated set of member {@link User}s
 * @throws EntityNotFoundException if no role exists under {@code roleId}
 */
private Response getRoleUsers(Long roleId) {
    Role parent = catalogService.getRole(roleId);
    if (parent == null) {
        throw EntityNotFoundException.byId(roleId.toString());
    }
    // Expand to the role itself plus every child role the catalog reports for it.
    Set<Role> rolesToQuery = new HashSet<>();
    rolesToQuery.add(parent);
    rolesToQuery.addAll(catalogService.getChildRoles(roleId));
    // A user in several of these roles is reported once (set semantics).
    Set<User> members = new HashSet<>();
    for (Role r : rolesToQuery) {
        members.addAll(catalogService.listUsers(r));
    }
    return WSUtils.respondEntities(members, OK);
}

Example 9 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

The class SecurityCatalogService, method checkUserPermissions (the ACL evaluation used for object-level authorization).

/**
 * Decides whether {@code userId} holds ALL of {@code required} on the object
 * {@code objectNamespace}/{@code objectId}.
 *
 * Evaluation is deny-by-default and additive: an unknown user is denied outright;
 * otherwise permissions granted by the user's direct ACL entry are subtracted first,
 * and any that remain are looked for in ROLE-typed ACL entries whose role the user
 * holds (as reported by {@code getAllUserRoles}). There is no explicit "deny" entry.
 *
 * More than one direct ACL entry for the same user/object is treated as a corrupt
 * state and fails closed with an {@link IllegalStateException} rather than picking one.
 *
 * @param objectNamespace namespace of the protected object
 * @param objectId        id of the protected object (rendered with {@code String.valueOf})
 * @param userId          id of the user being checked
 * @param required        permissions that must all be granted
 * @return {@code true} only if every required permission is covered
 * @throws IllegalStateException if duplicate direct ACL entries exist for the user/object
 */
public boolean checkUserPermissions(String objectNamespace, Long objectId, Long userId, EnumSet<Permission> required) {
    User user = getUser(userId);
    if (user == null) {
        // Unknown principal: deny.
        return false;
    }
    EnumSet<Permission> outstanding = EnumSet.copyOf(required);
    String objectIdText = String.valueOf(objectId);

    // Step 1: the user's own ACL entry on this object, if any.
    List<QueryParam> directQuery = QueryParam.params(AclEntry.OBJECT_NAMESPACE, objectNamespace, AclEntry.OBJECT_ID, objectIdText, AclEntry.SID_TYPE, USER.toString(), AclEntry.SID_ID, String.valueOf(userId));
    Collection<AclEntry> directAcls = listAcls(directQuery);
    if (directAcls.size() > 1) {
        // Ambiguous grants: refuse to guess, fail closed.
        throw new IllegalStateException("More than one ACL entry for " + directQuery);
    }
    if (directAcls.size() == 1) {
        outstanding.removeAll(directAcls.iterator().next().getPermissions());
    }

    // Step 2: role-based grants, only if something is still missing and the user has roles.
    if (!outstanding.isEmpty() && user.getRoles() != null) {
        List<QueryParam> roleQuery = QueryParam.params(AclEntry.OBJECT_NAMESPACE, objectNamespace, AclEntry.OBJECT_ID, objectIdText, AclEntry.SID_TYPE, AclEntry.SidType.ROLE.toString());
        Collection<AclEntry> roleAcls = listAcls(roleQuery);
        Set<Role> heldRoles = getAllUserRoles(user);
        for (AclEntry roleEntry : roleAcls) {
            if (outstanding.isEmpty()) {
                break;
            }
            // Role comparison relies on Role.equals against the catalog's copy of the role.
            if (heldRoles.contains(getRole(roleEntry.getSidId()))) {
                outstanding.removeAll(roleEntry.getPermissions());
            }
        }
    }
    return outstanding.isEmpty();
}

Example 10 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

The class SecurityCatalogServiceTest, test method checkUserPermissions (unit test of the ACL evaluation above, with the catalog lookups mocked).

@Test
/**
 * Verifies that direct-user and role-based ACL grants are combined additively and
 * that a permission granted by neither path is denied.
 *
 * Fixture: user 1 has a direct WRITE grant on topology 1 and, via ROLE_FOO (id 1),
 * a READ grant on the same object. All catalog lookups are mocked.
 */
public void checkUserPermissions() throws Exception {
    SecurityCatalogService catalogService = new SecurityCatalogService(null);

    // Direct grant: user 1 -> WRITE on topology/1.
    AclEntry directAcl = new AclEntry();
    directAcl.setObjectNamespace("topology");
    directAcl.setObjectId(1L);
    directAcl.setSidType(AclEntry.SidType.USER);
    directAcl.setSidId(1L);
    directAcl.setPermissions(EnumSet.of(Permission.WRITE));

    // Role grant: role 1 -> READ on topology/1.
    AclEntry roleAcl = new AclEntry();
    roleAcl.setObjectNamespace("topology");
    roleAcl.setObjectId(1L);
    roleAcl.setSidType(AclEntry.SidType.ROLE);
    roleAcl.setSidId(1L);
    roleAcl.setPermissions(EnumSet.of(Permission.READ));

    Role fooRole = new Role();
    fooRole.setId(1L);
    fooRole.setName("ROLE_FOO");

    User subject = new User();
    subject.setRoles(Sets.newHashSet("ROLE_FOO"));

    // Queries the service is expected to issue for the direct and the role lookup.
    List<QueryParam> directQuery = QueryParam.params(AclEntry.OBJECT_NAMESPACE, "topology", AclEntry.OBJECT_ID, "1", AclEntry.SID_TYPE, USER.toString(), AclEntry.SID_ID, "1");
    List<QueryParam> roleQuery = QueryParam.params(AclEntry.OBJECT_NAMESPACE, "topology", AclEntry.OBJECT_ID, "1", AclEntry.SID_TYPE, AclEntry.SidType.ROLE.toString());

    new Expectations(catalogService) {

        {
            catalogService.getUser(anyLong);
            result = subject;
            catalogService.listAcls(directQuery);
            result = Arrays.asList(directAcl);
            catalogService.getAllUserRoles(subject);
            result = Sets.newHashSet(fooRole);
            catalogService.listAcls(roleQuery);
            result = Arrays.asList(roleAcl);
            catalogService.getRole(1L);
            result = fooRole;
        }
    };

    // READ comes only through the role; WRITE only through the direct entry.
    assertTrue(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.READ)));
    assertTrue(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.WRITE)));
    // Both paths are combined when more than one permission is required.
    assertTrue(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.WRITE, Permission.READ)));
    // DELETE is granted by neither path, so the combined request must be denied.
    assertFalse(catalogService.checkUserPermissions("topology", 1L, 1L, EnumSet.of(Permission.WRITE, Permission.DELETE)));
}
