
Example 16 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class DefaultStreamlineAuthorizer method mayBeAssignAdminRole.

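/**
 * Ensures that every configured admin user holds the admin role.
 *
 * <p>Looks up the role named {@code Roles.ROLE_ADMIN}; when the catalog has no such role it is
 * created here with a fixed display name, description and UI metadata. Each entry of
 * {@code adminUsers} is then resolved through the catalog and granted the role unless
 * {@code userHasRole} reports that the user already has it.
 *
 * <p>A configured name that does not resolve to a catalog user is skipped with a warning
 * instead of failing on a null dereference; the remaining admin users are still processed.
 */
private void mayBeAssignAdminRole() {
    LOG.info("Checking if admin users have admin role");
    Role adminRole = catalogService.getRole(Roles.ROLE_ADMIN).orElseGet(() -> {
        // NOTE(review): the lookup uses Roles.ROLE_ADMIN while the role is created under the
        // literal "ROLE_ADMIN"; presumably the two are equal - confirm against Roles.
        Role admin = new Role();
        admin.setName("ROLE_ADMIN");
        admin.setDisplayName("Admin");
        admin.setDescription("Super user role that has all the system roles and privileges");
        admin.setMetadata("{\"colorCode\":\"#8261be\",\"colorLabel\":\"purple\",\"icon\":\"gears\", \"menu\": [\"schemaRegistry\", \"modelRegistry\", \"udf\", \"dashboard\", \"topology\", \"authorizer\", \"notifier\", \"customprocessor\", \"servicepool\", \"environments\"], \"capabilities\": [{\"Applications\": \"Edit\"}, {\"Service Pool\": \"Edit\"}, {\"Environments\": \"Edit\"}, {\"Users\": \"Edit\"}, {\"Dashboard\": \"Edit\"}]}");
        // NOTE(review): the super-user role is stored as a non-system role; what protection
        // the system flag gives against later edits or deletion is not visible here - confirm.
        admin.setSystem(false);
        return catalogService.addRole(admin);
    });
    adminUsers.forEach(userName -> {
        User user = catalogService.getUser(userName);
        if (user == null) {
            // getUser() returns null for an unknown name (other callers null-check it), so a
            // stale or mistyped entry in the admin list must not abort the whole pass.
            LOG.warn("admin user '{}' not found in the catalog, cannot assign '{}'", userName, Roles.ROLE_ADMIN);
            return;
        }
        if (userHasRole(user, Roles.ROLE_ADMIN)) {
            LOG.info("user '{}' already has '{}'", user, Roles.ROLE_ADMIN);
            return;
        }
        catalogService.addUserRole(user.getId(), adminRole.getId());
    });
}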
Also used : Role(com.hortonworks.streamline.streams.security.catalog.Role) DuplicateEntityException(com.hortonworks.streamline.common.exception.DuplicateEntityException) SecurityUtil(com.hortonworks.streamline.streams.security.SecurityUtil) AclEntry(com.hortonworks.streamline.streams.security.catalog.AclEntry) Roles(com.hortonworks.streamline.streams.security.Roles) User(com.hortonworks.streamline.streams.security.catalog.User) Logger(org.slf4j.Logger) Permission(com.hortonworks.streamline.streams.security.Permission) SecurityCatalogService(com.hortonworks.streamline.streams.security.service.SecurityCatalogService) LoggerFactory(org.slf4j.LoggerFactory) AuthorizationException(com.hortonworks.streamline.streams.security.AuthorizationException) Set(java.util.Set) Collectors(java.util.stream.Collectors) Map(java.util.Map) Optional(java.util.Optional) AuthenticationContext(com.hortonworks.streamline.streams.security.AuthenticationContext) StreamlineAuthorizer(com.hortonworks.streamline.streams.security.StreamlineAuthorizer) Role(com.hortonworks.streamline.streams.security.catalog.Role) EnumSet(java.util.EnumSet) ExceptionUtils(org.apache.commons.lang3.exception.ExceptionUtils)

Example 17 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class SecurityCatalogResource method addUser.

/**
 * Creates a user in the security catalog from the request entity.
 *
 * <p>The role check against {@code ROLE_SECURITY_ADMIN} runs before the catalog is touched.
 * Its return value is not inspected, so it presumably rejects the request by throwing -
 * confirm in {@code SecurityUtil.checkRole}.
 *
 * <p>NOTE(review): the {@code User} is bound from the request body and handed to
 * {@code catalogService.addUser} unchanged; any validation of client-supplied fields would
 * have to happen inside the catalog service, which is not visible here.
 *
 * @param user the user entity deserialized from the request body
 * @param securityContext security context of the calling principal
 * @return a response built by {@code WSUtils.respondEntity} with the created user and
 *         the {@code CREATED} status
 */
@POST
@Path("/users")
@Timed
public Response addUser(User user, @Context SecurityContext securityContext) {
    // Authorization first: nothing below may run for a caller without the security-admin role.
    SecurityUtil.checkRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    return WSUtils.respondEntity(catalogService.addUser(user), CREATED);
}
Also used : User(com.hortonworks.streamline.streams.security.catalog.User) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Timed(com.codahale.metrics.annotation.Timed)

Example 18 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class SecurityCatalogResource method mayBeFillSidId.

/**
 * Fills in the SID id of an ACL entry that was submitted with only a SID name.
 *
 * <p>Entries that already carry a SID id are left untouched. Otherwise the name is resolved
 * to a user when the SID type is {@code USER}, and to a role for every other SID type.
 *
 * @param aclEntry the ACL entry to complete in place
 * @throws IllegalArgumentException if neither a SID id nor a non-empty SID name is present
 */
private void mayBeFillSidId(AclEntry aclEntry) {
    if (aclEntry.getSidId() != null) {
        return;
    }
    String name = aclEntry.getSidName();
    if (StringUtils.isEmpty(name)) {
        throw new IllegalArgumentException("Sid id or Sid name must be provided");
    }
    boolean isUserSid = aclEntry.getSidType() == AclEntry.SidType.USER;
    if (!isUserSid) {
        // Any SID type other than USER (including a null type) is resolved as a role name.
        Role role = catalogService.getRole(name).orElseThrow(() -> EntityNotFoundException.byName("Role name : " + name));
        aclEntry.setSidId(role.getId());
        return;
    }
    // getUser() signals an unknown name with null rather than an Optional.
    User user = catalogService.getUser(name);
    if (user == null) {
        throw EntityNotFoundException.byName("User name : " + name);
    }
    aclEntry.setSidId(user.getId());
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User)

Example 19 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class SecurityCatalogResource method shouldAllowAclGet.

/**
 * Decides whether the caller may read the given ACL entry.
 *
 * <p>A caller holding {@code ROLE_SECURITY_ADMIN} may read any entry. Every other caller is
 * allowed only when {@code matches} accepts the entry for the current user and the roles
 * returned by {@code catalogService.getAllUserRoles}.
 *
 * @param aclEntry the ACL entry being requested
 * @param securityContext security context of the calling principal
 * @return {@code true} if the entry may be returned to the caller
 */
private boolean shouldAllowAclGet(AclEntry aclEntry, SecurityContext securityContext) {
    boolean isSecurityAdmin = SecurityUtil.hasRole(authorizer, securityContext, ROLE_SECURITY_ADMIN);
    if (!isSecurityAdmin) {
        // Non-admins are limited to entries that match their own user or one of their roles.
        User caller = getCurrentUser(securityContext);
        return matches(aclEntry, caller, catalogService.getAllUserRoles(caller));
    }
    return true;
}
Also used : UserRole(com.hortonworks.streamline.streams.security.catalog.UserRole) Role(com.hortonworks.streamline.streams.security.catalog.Role) User(com.hortonworks.streamline.streams.security.catalog.User)

Example 20 with User

use of com.hortonworks.streamline.streams.security.catalog.User in project streamline by hortonworks.

the class SecurityCatalogResource method logoutCurrentUser.

/**
 * Logs the current user out by telling the client to discard the authentication cookie.
 *
 * <p>The response carries a replacement for {@code AuthenticatedURL.AUTH_COOKIE} with the
 * value {@code "deleted"}, path {@code /}, max-age 0 and an expiry at the epoch. The cookie
 * is marked HttpOnly, and Secure when the request arrived over a secure channel.
 *
 * <p>NOTE(review): this method only expires the cookie on the client. No server-side
 * invalidation of the token is visible here, so a copy of the token captured earlier would
 * presumably stay usable until it expires on its own - confirm against the
 * authentication filter.
 *
 * @param uriInfo request URI information (not used by this method)
 * @param securityContext security context of the calling principal
 * @return an {@code OK} response whose entity is the user that was logged out
 * @throws Exception declared by the signature; no checked exception is thrown directly here
 */
@POST
@Path("/users/current/logout")
@Timed
public Response logoutCurrentUser(@Context UriInfo uriInfo, @Context SecurityContext securityContext) throws Exception {
    User loggedOutUser = getCurrentUser(securityContext);
    // Resulting header:
    // Set-Cookie	hadoop.auth=deleted;Version=1;Path=/;Max-Age=0;HttpOnly;Expires=Thu, 01 Jan 1970 00:00:00 GMT
    Cookie expiredAuth = new Cookie(AuthenticatedURL.AUTH_COOKIE, "deleted", "/", null);
    boolean secureOnly = securityContext.isSecure();
    NewCookie clearingCookie = new NewCookie(expiredAuth, null, 0, new Date(0), secureOnly, true);
    return Response.status(OK).cookie(clearingCookie).entity(loggedOutUser).build();
}
Also used : NewCookie(javax.ws.rs.core.NewCookie) Cookie(javax.ws.rs.core.Cookie) User(com.hortonworks.streamline.streams.security.catalog.User) Date(java.util.Date) NewCookie(javax.ws.rs.core.NewCookie) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Timed(com.codahale.metrics.annotation.Timed)

Aggregations

User (com.hortonworks.streamline.streams.security.catalog.User)22 Role (com.hortonworks.streamline.streams.security.catalog.Role)10 AclEntry (com.hortonworks.streamline.streams.security.catalog.AclEntry)8 UserRole (com.hortonworks.streamline.streams.security.catalog.UserRole)7 Timed (com.codahale.metrics.annotation.Timed)6 QueryParam (com.hortonworks.registries.common.QueryParam)6 AuthorizationException (com.hortonworks.streamline.streams.security.AuthorizationException)6 Permission (com.hortonworks.streamline.streams.security.Permission)6 Path (javax.ws.rs.Path)6 AuthenticationContext (com.hortonworks.streamline.streams.security.AuthenticationContext)5 Roles (com.hortonworks.streamline.streams.security.Roles)4 SecurityUtil (com.hortonworks.streamline.streams.security.SecurityUtil)4 StreamlineAuthorizer (com.hortonworks.streamline.streams.security.StreamlineAuthorizer)4 Principal (java.security.Principal)4 EnumSet (java.util.EnumSet)4 Set (java.util.Set)4 Collectors (java.util.stream.Collectors)4 POST (javax.ws.rs.POST)4 Date (java.util.Date)3 DELETE (javax.ws.rs.DELETE)3