use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.
the class ScimAccountGroupReaderFilter method doFilterInternal.
/**
 * Publishes the authenticated caller on the request before the chain continues.
 *
 * <p>When the Spring Security context holds an {@code Authentication}, the matching
 * {@link CloudbreakUser} is resolved through {@code authenticationService} and stored under
 * the request attribute {@code "user"}. The chain is invoked in every case.
 *
 * <p>This filter does not reject anything itself: with no authentication present, the
 * {@code "user"} attribute is left unset and the request still proceeds. Downstream code that
 * reads the attribute has to treat a missing value as "no authenticated caller".
 *
 * @param request     the current request, which receives the {@code "user"} attribute
 * @param response    the current response, passed through untouched
 * @param filterChain the remaining filters
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException      propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    final Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
    if (currentAuthentication != null) {
        // Attribute name "user" is the contract with whatever reads it later in the request.
        request.setAttribute("user", authenticationService.getCloudbreakUser(currentAuthentication));
    }
    filterChain.doFilter(request, response);
}
use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.
the class UmsAuthenticationService method getCloudbreakUser.
/**
 * Resolves the {@link CloudbreakUser} that belongs to a user or machine-user CRN.
 *
 * <p>The CRN is parsed first; anything that does not parse, or whose resource type is neither
 * {@code USER} nor {@code MACHINE_USER}, is rejected with an {@link UmsAuthenticationException}.
 * Internal user CRNs are turned into an internal user without a UMS lookup. For every other
 * CRN the details are fetched through {@code umsClient}.
 *
 * <p>Security-relevant detail: a non-null {@code principal} replaces only the username of the
 * returned object. The user id and e-mail (or machine-user id and name) come from the UMS
 * response, and the account id comes from the parsed CRN, so {@code principal} should not be
 * treated as a verified identity by callers.
 *
 * @param userCrn   the CRN of the caller, as supplied by the request
 * @param principal optional username override; when {@code null} the UMS-provided value is used
 * @return the resolved user, never taken from {@code principal} alone
 * @throws UmsAuthenticationException if the CRN is invalid or has an unsupported resource type
 */
@Override
public CloudbreakUser getCloudbreakUser(String userCrn, String principal) {
    // Fetched before the CRN is validated, matching the original call order.
    String requestId = MDCBuilder.getOrGenerateRequestId();

    Crn parsedCrn;
    try {
        parsedCrn = Crn.safeFromString(userCrn);
    } catch (NullPointerException | CrnParseException e) {
        // NOTE(review): the cause is not attached and the raw, caller-supplied CRN is echoed
        // into the message. If this message reaches logs or a response, confirm it is encoded
        // or sanitised there.
        throw new UmsAuthenticationException(String.format("Invalid CRN has been provided: %s", userCrn));
    }

    switch (parsedCrn.getResourceType()) {
        case USER: {
            if (RegionAwareInternalCrnGeneratorUtil.isInternalCrn(userCrn)) {
                // Internal actors bypass UMS entirely; isInternalCrn is the only gate here.
                return RegionAwareInternalCrnGeneratorUtil.createInternalCrnUser(Crn.fromString(userCrn));
            }
            User details = umsClient.getUserDetails(userCrn, Optional.ofNullable(requestId), regionAwareInternalCrnGeneratorFactory);
            String displayName;
            if (principal != null) {
                displayName = principal;
            } else {
                displayName = details.getEmail();
            }
            return new CloudbreakUser(details.getUserId(), userCrn, displayName, details.getEmail(), parsedCrn.getAccountId());
        }
        case MACHINE_USER: {
            MachineUser machineDetails = umsClient.getMachineUserDetails(userCrn, Crn.fromString(userCrn).getAccountId(), Optional.ofNullable(requestId), regionAwareInternalCrnGeneratorFactory);
            String machineDisplayName;
            if (principal != null) {
                machineDisplayName = principal;
            } else {
                machineDisplayName = machineDetails.getMachineUserName();
            }
            // The machine-user name is used in the position where the USER branch passes the e-mail.
            return new CloudbreakUser(machineDetails.getMachineUserId(), userCrn, machineDisplayName, machineDetails.getMachineUserName(), parsedCrn.getAccountId());
        }
        default:
            // Fail closed: every other resource type is refused rather than mapped to a user.
            throw new UmsAuthenticationException(String.format("Authentication is supported only with User and MachineUser CRN: %s", userCrn));
    }
}
use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.
the class AccountIdBasedPermissionEvaluator method hasPermission.
/**
 * Decides whether the authenticated caller may access the given target object(s).
 *
 * <p>An {@link Optional} target is unwrapped first. A missing target or a missing
 * authentication is denied. A single object is checked on its own; a {@link Collection} is
 * allowed only when every element passes the per-object check.
 *
 * <p>Note for reviewers: an empty collection is allowed, because no element fails the check.
 * The {@code permission} argument is not consulted in this method.
 *
 * @param authentication the caller's authentication, may be {@code null}
 * @param target         the object, {@code Optional} or collection being accessed
 * @param permission     unused here
 * @return {@code true} only if every target object passes the per-object check
 */
@Override
public boolean hasPermission(Authentication authentication, Object target, Object permission) {
    Object resolvedTarget = target;
    if (resolvedTarget instanceof Optional) {
        resolvedTarget = ((Optional<?>) resolvedTarget).orElse(null);
    }
    // Deny by default when there is nothing to check or nobody to check it for.
    if (resolvedTarget == null || authentication == null) {
        return false;
    }

    CloudbreakUser user = authService.getCloudbreakUser(authentication);

    Collection<?> candidates;
    if (resolvedTarget instanceof Collection) {
        candidates = (Collection<?>) resolvedTarget;
    } else {
        candidates = Collections.singleton(resolvedTarget);
    }

    // Stops at the first element that is refused; an empty collection falls through to true.
    for (Object candidate : candidates) {
        if (!hasPermission(user, candidate)) {
            return false;
        }
    }
    return true;
}
use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.
the class CloudbreakUserConfiguratorFilter method doFilterInternal.
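/**
 * Makes the caller's {@link CloudbreakUser} available to the rest of the request and clears
 * it again afterwards.
 *
 * <p>The user is resolved from the request through {@code authenticatedUserService}, handed
 * to {@code restRequestThreadLocalService} and removed once the chain has run. The removal
 * sits in a {@code finally} block so that it also happens when the chain throws. Without it,
 * a failed request would leave the stored user in place. Judging by the service name, the
 * value is presumably thread-bound, so on a pooled worker thread a later request could
 * observe the previous caller's identity.
 *
 * @param request     the current request, used to resolve the caller
 * @param response    the current response, passed through untouched
 * @param filterChain the remaining filters
 * @throws ServletException propagated from the rest of the chain
 * @throws IOException      propagated from the rest of the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    CloudbreakUser cloudbreakUser = authenticatedUserService.getCbUser(request);
    restRequestThreadLocalService.setCloudbreakUser(cloudbreakUser);
    try {
        filterChain.doFilter(request, response);
    } finally {
        // Always clear the stored identity, even when a downstream filter or handler fails.
        restRequestThreadLocalService.removeCloudbreakUser();
    }
}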
use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.
the class AuditFilterTest method testDoFilterInternalWhenAuditAndNotMutating.
/**
 * Verifies that a GET on an audited URI produces exactly one audit record.
 *
 * <p>The record is expected to carry the request URI, the flag value {@code false}, the
 * user agent, the caller's CRN and tenant from the stubbed {@link CloudbreakUser}, and the
 * address taken from the {@code x-real-ip} header.
 */
@Test
public void testDoFilterInternalWhenAuditAndNotMutating() throws Exception {
    // Stubbed caller: only the CRN and tenant are asserted on below.
    CloudbreakUser caller = new CloudbreakUser("userid", "usercrn", "username", "useremail", "usertenant");
    String requestUri = "/as/api/v1/distrox/crn/testcrn/autoscale_config";
    String userAgent = "test-user-agent";
    String sourceIp = "127.0.0.1";

    when(authenticatedUserService.getCbUser(any(HttpServletRequest.class))).thenReturn(caller);
    when(request.getRequestURI()).thenReturn(requestUri);
    when(request.getMethod()).thenReturn("GET");
    // NOTE(review): the audited source address comes from a request header. Confirm that in
    // deployment x-real-ip is set by a trusted proxy and cannot be supplied by the client.
    when(request.getHeader("x-real-ip")).thenReturn(sourceIp);
    when(request.getHeader("user-agent")).thenReturn(userAgent);

    underTest.doFilterInternal(request, response, filterChain);

    verify(auditService, times(1)).auditRestApi(
            eq(Map.of("uri", requestUri)),
            eq(false),
            eq(userAgent),
            eq("usercrn"),
            eq("usertenant"),
            eq(sourceIp));
}