
Example 16 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class ScimAccountGroupReaderFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication != null) {
        CloudbreakUser user = authenticationService.getCloudbreakUser(authentication);
        request.setAttribute("user", user);
    }
    filterChain.doFilter(request, response);
}
Also used : Authentication(org.springframework.security.core.Authentication) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Example 17 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class UmsAuthenticationService method getCloudbreakUser.

@Override
public CloudbreakUser getCloudbreakUser(String userCrn, String principal) {
    String requestId = MDCBuilder.getOrGenerateRequestId();
    Crn crn;
    try {
        crn = Crn.safeFromString(userCrn);
    } catch (NullPointerException | CrnParseException e) {
        throw new UmsAuthenticationException(String.format("Invalid CRN has been provided: %s", userCrn));
    }
    CloudbreakUser cloudbreakUser;
    switch(crn.getResourceType()) {
        case USER:
            if (RegionAwareInternalCrnGeneratorUtil.isInternalCrn(userCrn)) {
                return RegionAwareInternalCrnGeneratorUtil.createInternalCrnUser(Crn.fromString(userCrn));
            } else {
                User userInfo = umsClient.getUserDetails(userCrn, Optional.ofNullable(requestId), regionAwareInternalCrnGeneratorFactory);
                String userName = principal != null ? principal : userInfo.getEmail();
                cloudbreakUser = new CloudbreakUser(userInfo.getUserId(), userCrn, userName, userInfo.getEmail(), crn.getAccountId());
            }
            break;
        case MACHINE_USER:
            MachineUser machineUserInfo = umsClient.getMachineUserDetails(userCrn, Crn.fromString(userCrn).getAccountId(), Optional.ofNullable(requestId), regionAwareInternalCrnGeneratorFactory);
            String machineUserName = principal != null ? principal : machineUserInfo.getMachineUserName();
            cloudbreakUser = new CloudbreakUser(machineUserInfo.getMachineUserId(), userCrn, machineUserName, machineUserInfo.getMachineUserName(), crn.getAccountId());
            break;
        default:
            throw new UmsAuthenticationException(String.format("Authentication is supported only with User and MachineUser CRN: %s", userCrn));
    }
    return cloudbreakUser;
}
Also used : CrnParseException(com.sequenceiq.cloudbreak.auth.crn.CrnParseException) UmsAuthenticationException(com.sequenceiq.cloudbreak.auth.altus.exception.UmsAuthenticationException) User(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.User) MachineUser(com.cloudera.thunderhead.service.usermanagement.UserManagementProto.MachineUser) CrnUser(com.sequenceiq.cloudbreak.auth.CrnUser) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser) Crn(com.sequenceiq.cloudbreak.auth.crn.Crn)

Example 18 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class AccountIdBasedPermissionEvaluator method hasPermission.

@Override
public boolean hasPermission(Authentication authentication, Object target, Object permission) {
    if (target instanceof Optional) {
        target = ((Optional<?>) target).orElse(null);
    }
    if (target == null) {
        return false;
    }
    if (authentication == null) {
        return false;
    }
    CloudbreakUser user = authService.getCloudbreakUser(authentication);
    Collection<?> targets = target instanceof Collection ? (Collection<?>) target : Collections.singleton(target);
    return targets.stream().allMatch(t -> hasPermission(user, t));
}
Also used : Optional(java.util.Optional) Collection(java.util.Collection) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Example 19 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class CloudbreakUserConfiguratorFilter method doFilterInternal.

@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
    CloudbreakUser cloudbreakUser = authenticatedUserService.getCbUser(request);
    // Make the resolved user available to downstream code for the duration of this request.
    restRequestThreadLocalService.setCloudbreakUser(cloudbreakUser);
    filterChain.doFilter(request, response);
    // Cleanup is not in a finally block: if doFilter throws, this removal is skipped.
    restRequestThreadLocalService.removeCloudbreakUser();
}
Also used : CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser)

Example 20 with CloudbreakUser

use of com.sequenceiq.cloudbreak.common.user.CloudbreakUser in project cloudbreak by hortonworks.

the class AuditFilterTest method testDoFilterInternalWhenAuditAndNotMutating.

@Test
public void testDoFilterInternalWhenAuditAndNotMutating() throws Exception {
    when(authenticatedUserService.getCbUser(any(HttpServletRequest.class))).thenReturn(new CloudbreakUser("userid", "usercrn", "username", "useremail", "usertenant"));
    when(request.getRequestURI()).thenReturn("/as/api/v1/distrox/crn/testcrn/autoscale_config");
    when(request.getMethod()).thenReturn("GET");
    when(request.getHeader("x-real-ip")).thenReturn("127.0.0.1");
    when(request.getHeader("user-agent")).thenReturn("test-user-agent");
    underTest.doFilterInternal(request, response, filterChain);
    verify(auditService, times(1)).auditRestApi(eq(Map.of("uri", "/as/api/v1/distrox/crn/testcrn/autoscale_config")), eq(false), eq("test-user-agent"), eq("usercrn"), eq("usertenant"), eq("127.0.0.1"));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CloudbreakUser(com.sequenceiq.cloudbreak.common.user.CloudbreakUser) Test(org.junit.jupiter.api.Test) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Aggregations

CloudbreakUser (com.sequenceiq.cloudbreak.common.user.CloudbreakUser): 47
User (com.sequenceiq.cloudbreak.workspace.model.User): 24
Test (org.junit.jupiter.api.Test): 10
Workspace (com.sequenceiq.cloudbreak.workspace.model.Workspace): 8
Optional (java.util.Optional): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
Test (org.junit.Test): 4
ParameterizedTest (org.junit.jupiter.params.ParameterizedTest): 4
StackV4Request (com.sequenceiq.cloudbreak.api.endpoint.v4.stacks.request.StackV4Request): 3
CrnUser (com.sequenceiq.cloudbreak.auth.CrnUser): 3
BadRequestException (com.sequenceiq.cloudbreak.common.exception.BadRequestException): 3
Collection (java.util.Collection): 3
UserManagementProto (com.cloudera.thunderhead.service.usermanagement.UserManagementProto): 2
Crn (com.sequenceiq.cloudbreak.auth.crn.Crn): 2
CloudCredential (com.sequenceiq.cloudbreak.cloud.model.CloudCredential): 2
Json (com.sequenceiq.cloudbreak.common.json.Json): 2
TransactionExecutionException (com.sequenceiq.cloudbreak.common.service.TransactionService.TransactionExecutionException): 2
TransactionRuntimeExecutionException (com.sequenceiq.cloudbreak.common.service.TransactionService.TransactionRuntimeExecutionException): 2
Blueprint (com.sequenceiq.cloudbreak.domain.Blueprint): 2
Stack (com.sequenceiq.cloudbreak.domain.stack.Stack): 2