use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.
the class DefaultKyloJaasAuthenticationProvider method createSubject.
/**
 * Produces the JAAS {@link Subject} that represents the given authentication.
 *
 * <p>The principal set is made of the principal carried by every
 * {@code JaasGrantedAuthority} among the authentication's authorities, plus a
 * {@code UsernamePrincipal} built from {@code auth.getName()}.
 *
 * <p>If a Subject is already associated with the current access-control context,
 * the principals are added to that existing Subject and it is returned.
 * Otherwise a new, modifiable Subject with empty credential sets is returned.
 *
 * @param auth the authentication whose authorities and name supply the principals
 * @return the context's existing Subject with the principals added, or a new Subject
 */
private Subject createSubject(Authentication auth) {
    Set<Principal> granted = auth.getAuthorities().stream()
        .filter(JaasGrantedAuthority.class::isInstance)
        .map(authority -> ((JaasGrantedAuthority) authority).getPrincipal())
        .collect(Collectors.toCollection(HashSet::new));
    granted.add(new UsernamePrincipal(auth.getName()));

    Subject current = Subject.getSubject(AccessController.getContext());
    if (current != null) {
        // NOTE(review): this augments the ambient Subject in place, so principals it
        // already carries are kept alongside the new ones, and addAll throws
        // IllegalStateException if that Subject is read-only. Confirm the ambient
        // Subject can never belong to a different or earlier authentication.
        current.getPrincipals().addAll(granted);
        return current;
    }

    // No Subject in context: build a fresh one (readOnly = false, no credentials).
    return new Subject(false, granted, new HashSet<>(), new HashSet<>());
}
use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.
the class JcrProjectProvider method getProjectOwnerPlusRole.
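/**
 * Returns the members holding the given role on the named project, plus the
 * project owner.
 *
 * <p>The owner is added only when it is a non-null {@code UsernamePrincipal}.
 * The original code cast the owner unconditionally, which put {@code null} into
 * the returned set when the project had no owner and threw
 * {@code ClassCastException} for any other principal type.
 *
 * @param systemName the system name used to look the project up
 * @param accessControl the role name passed to {@code getProjectMembersWithRole}
 * @return the role members plus the owner, or an empty immutable set when no
 *         project with that name is found
 */
private Set<UsernamePrincipal> getProjectOwnerPlusRole(String systemName, String accessControl) {
    Optional<Project> proj = findProjectByName(systemName);
    if (!proj.isPresent()) {
        return ImmutableSet.of();
    }

    Project domain = proj.get();
    // NOTE(review): the set returned by getProjectMembersWithRole is mutated below;
    // confirm it is a private copy and not a live view of the stored role membership.
    Set<UsernamePrincipal> result = getProjectMembersWithRole(domain, accessControl);

    // Owners can read; never add a null or a non-user principal to the access set.
    Object owner = domain.getOwner();
    if (owner instanceof UsernamePrincipal) {
        result.add((UsernamePrincipal) owner);
    }
    return result;
}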
use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.
the class JcrProjectProvider method getProjectMembersWithRoleById.
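/**
 * Returns the users that hold the given role on the project with the given id.
 *
 * <p>The unused local set that the original allocated has been removed; the
 * result comes entirely from {@code getProjectMembersWithRole}.
 *
 * @param id the project id, wrapped in a {@code JcrProject.ProjectId} for the lookup
 * @param rolename the role name passed to {@code getProjectMembersWithRole}
 * @return the members reported by {@code getProjectMembersWithRole}
 */
@Override
public Set<UsernamePrincipal> getProjectMembersWithRoleById(String id, String rolename) {
    // NOTE(review): the result of findById is passed on unchecked; confirm how an
    // unknown id is reported (null or exception) and that the callee tolerates it.
    Project project = findById(new JcrProject.ProjectId(id));
    return getProjectMembersWithRole(project, rolename);
}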
use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.
the class SecurityModelTransform method applyAccessControl.
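/**
 * Copies the access-control state of a domain entity onto its REST model:
 * allowed actions, role memberships and owner.
 *
 * <p>Allowed actions and role memberships are copied only when the domain
 * returns them non-null. The owner is set only when the domain has an owner and
 * {@code userService} resolves a user for its name; the original dereferenced
 * the owner without the null check applied to the other two properties.
 *
 * @param domain the access-controlled entity to read from
 * @param restModel the REST model to populate
 */
public void applyAccessControl(AccessControlled domain, EntityAccessControl restModel) {
    if (domain.getAllowedActions() != null && domain.getAllowedActions().getAvailableActions() != null) {
        ActionGroup allowed = toActionGroup(null).apply(domain.getAllowedActions());
        restModel.setAllowedActions(allowed);
    }

    if (domain.getRoleMemberships() != null) {
        // One REST RoleMembership per role system name, created when its first member is seen.
        Map<String, RoleMembership> roleAssignmentMap = new HashMap<>();
        domain.getRoleMemberships().stream().forEach(membership -> {
            String systemRoleName = membership.getRole().getSystemName();
            String name = membership.getRole().getTitle();
            String desc = membership.getRole().getDescription();

            membership.getMembers().stream().forEach(member -> {
                RoleMembership accessRoleAssignment = roleAssignmentMap.computeIfAbsent(
                    systemRoleName, key -> new RoleMembership(key, name, desc));

                // NOTE(review): every principal that is not a UsernamePrincipal is
                // reported as a group; confirm no other principal type can appear here.
                if (member instanceof UsernamePrincipal) {
                    accessRoleAssignment.addUser(member.getName());
                } else {
                    accessRoleAssignment.addGroup(member.getName());
                }
            });
        });
        restModel.setRoleMemberships(Lists.newArrayList(roleAssignmentMap.values()));
    }

    // Guard the owner like the other nullable properties instead of failing with a
    // NullPointerException on an entity that has no owner.
    Principal owner = domain.getOwner();
    if (owner != null) {
        Optional<User> userPrincipal = userService.getUser(owner.getName());
        if (userPrincipal.isPresent()) {
            restModel.setOwner(userPrincipal.get());
        }
    }
}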
use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.
the class AclPrincipalTypeUpgradeAction method upgrade.
/**
 * Re-grants every permitted action to typed principals and then revokes it from
 * the principals they replace. Only principals accepted by {@code isUpgradable}
 * (defined elsewhere) are considered.
 *
 * <p>The work is done in two passes over {@code allowed.streamActions()}: the
 * first pass enables each action for a new {@code GroupPrincipal} or
 * {@code UsernamePrincipal}, the second disables it for the old principals.
 *
 * @param allowed the allowed-actions object whose grants are rewritten in place
 * @param groupNames the names treated as group names when classifying a principal
 */
private void upgrade(JcrAllowedActions allowed, Set<String> groupNames) {
// Pass 1: grant each action to a typed replacement of every upgradable principal.
allowed.streamActions().forEach(action -> {
allowed.getPrincipalsAllowedAll(action).stream().filter(this::isUpgradable).forEach(principal -> {
// If the principal name does not match a group name then assume it is a user.
// NOTE(review): the classification uses the name alone, so a user whose name equals
// an entry in groupNames is re-granted as a group; confirm the two namespaces cannot collide.
if (groupNames.contains(principal.getName())) {
GroupPrincipal group = new GroupPrincipal(principal.getName());
allowed.enable(group, action);
} else {
UsernamePrincipal newPrincipal = new UsernamePrincipal(principal.getName());
allowed.enable(newPrincipal, action);
}
});
});
// Pass 2: revoke each action from the principals that pass 1 replaced.
allowed.streamActions().forEach(action -> {
allowed.getPrincipalsAllowedAll(action).stream().filter(this::isUpgradable).forEach(principal -> {
// Any principal that is neither a UsernamePrincipal nor a Group is wrapped in a
// RemovedPrincipal and the action is disabled for it.
// NOTE(review): pass 1 creates GroupPrincipal but this test is against Group;
// presumably GroupPrincipal is a Group, otherwise the new group grants are revoked here. Confirm.
if (!(principal instanceof UsernamePrincipal || principal instanceof Group)) {
allowed.disable(new RemovedPrincipal(principal), action);
}
});
});
}