
Example 16 with UsernamePrincipal

use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.

the class DefaultKyloJaasAuthenticationProvider method createSubject.

private Subject createSubject(Authentication auth) {
    // Collect the principals carried by the JAAS-granted authorities of this authentication.
    Set<Principal> principals = auth.getAuthorities().stream()
        .filter(grant -> grant instanceof JaasGrantedAuthority)
        .map(JaasGrantedAuthority.class::cast)
        .map(jga -> jga.getPrincipal())
        .collect(Collectors.toCollection(HashSet::new));
    principals.add(new UsernamePrincipal(auth.getName()));
    Subject subject = Subject.getSubject(AccessController.getContext());
    if (subject == null) {
        // No subject is bound to the current access control context: create a new, writable one.
        return new Subject(false, principals, new HashSet<>(), new HashSet<>());
    } else {
        // A subject is already bound: the new principals are added to it in place.
        subject.getPrincipals().addAll(principals);
        return subject;
    }
}
Also used : LoginException(javax.security.auth.login.LoginException) Logger(org.slf4j.Logger) UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) JaasAuthenticationToken(org.springframework.security.authentication.jaas.JaasAuthenticationToken) LoggerFactory(org.slf4j.LoggerFactory) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) Set(java.util.Set) IOException(java.io.IOException) DefaultJaasAuthenticationProvider(org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider) Collectors(java.util.stream.Collectors) Subject(javax.security.auth.Subject) LoginContext(javax.security.auth.login.LoginContext) HashSet(java.util.HashSet) List(java.util.List) Principal(java.security.Principal) CallbackHandler(javax.security.auth.callback.CallbackHandler) SecurityContext(org.springframework.security.core.context.SecurityContext) Optional(java.util.Optional) Authentication(org.springframework.security.core.Authentication) SessionDestroyedEvent(org.springframework.security.core.session.SessionDestroyedEvent) AccessController(java.security.AccessController) JaasAuthenticationCallbackHandler(org.springframework.security.authentication.jaas.JaasAuthenticationCallbackHandler) JaasGrantedAuthority(org.springframework.security.authentication.jaas.JaasGrantedAuthority) Callback(javax.security.auth.callback.Callback)

Example 17 with UsernamePrincipal

use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.

the class JcrProjectProvider method getProjectOwnerPlusRole.

private Set<UsernamePrincipal> getProjectOwnerPlusRole(String systemName, String accessControl) {
    Optional<Project> proj = findProjectByName(systemName);
    if (proj.isPresent()) {
        Project domain = proj.get();
        Set<UsernamePrincipal> result = getProjectMembersWithRole(domain, accessControl);
        // Owners can read...
        result.add((UsernamePrincipal) domain.getOwner());
        return result;
    } else {
        return ImmutableSet.of();
    }
}
Also used : UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) JcrProject(com.thinkbiganalytics.metadata.modeshape.project.JcrProject) Project(com.thinkbiganalytics.metadata.api.project.Project)

Example 18 with UsernamePrincipal

use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.

the class JcrProjectProvider method getProjectMembersWithRoleById.

@Override
public Set<UsernamePrincipal> getProjectMembersWithRoleById(String id, String rolename) {
    Set<UsernamePrincipal> users = Sets.newHashSet();
    Project project = findById(new JcrProject.ProjectId(id));
    return getProjectMembersWithRole(project, rolename);
}
Also used : UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) JcrProject(com.thinkbiganalytics.metadata.modeshape.project.JcrProject) Project(com.thinkbiganalytics.metadata.api.project.Project)

Example 19 with UsernamePrincipal

use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.

the class SecurityModelTransform method applyAccessControl.

public void applyAccessControl(AccessControlled domain, EntityAccessControl restModel) {
    if (domain.getAllowedActions() != null && domain.getAllowedActions().getAvailableActions() != null) {
        ActionGroup allowed = toActionGroup(null).apply(domain.getAllowedActions());
        restModel.setAllowedActions(allowed);
    }
    if (domain.getRoleMemberships() != null) {
        Map<String, RoleMembership> roleAssignmentMap = new HashMap<>();
        domain.getRoleMemberships().stream().forEach(membership -> {
            String systemRoleName = membership.getRole().getSystemName();
            String name = membership.getRole().getTitle();
            String desc = membership.getRole().getDescription();
            membership.getMembers().stream().forEach(member -> {
                roleAssignmentMap.putIfAbsent(systemRoleName, new RoleMembership(systemRoleName, name, desc));
                RoleMembership accessRoleAssignment = roleAssignmentMap.get(systemRoleName);
                if (member instanceof UsernamePrincipal) {
                    accessRoleAssignment.addUser(member.getName());
                } else {
                    accessRoleAssignment.addGroup(member.getName());
                }
            });
        });
        restModel.setRoleMemberships(Lists.newArrayList(roleAssignmentMap.values()));
    }
    Principal owner = domain.getOwner();
    Optional<User> userPrincipal = userService.getUser(owner.getName());
    if (userPrincipal.isPresent()) {
        restModel.setOwner(userPrincipal.get());
    }
}
Also used : UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) User(com.thinkbiganalytics.security.rest.model.User) ActionGroup(com.thinkbiganalytics.security.rest.model.ActionGroup) HashMap(java.util.HashMap) RoleMembership(com.thinkbiganalytics.security.rest.model.RoleMembership) GroupPrincipal(com.thinkbiganalytics.security.GroupPrincipal) Principal(java.security.Principal)

Example 20 with UsernamePrincipal

use of com.thinkbiganalytics.security.UsernamePrincipal in project kylo by Teradata.

the class AclPrincipalTypeUpgradeAction method upgrade.

private void upgrade(JcrAllowedActions allowed, Set<String> groupNames) {
    allowed.streamActions().forEach(action -> {
        allowed.getPrincipalsAllowedAll(action).stream().filter(this::isUpgradable).forEach(principal -> {
            // If the principal name does not match a group name then assume it is a user.
            if (groupNames.contains(principal.getName())) {
                GroupPrincipal group = new GroupPrincipal(principal.getName());
                allowed.enable(group, action);
            } else {
                UsernamePrincipal newPrincipal = new UsernamePrincipal(principal.getName());
                allowed.enable(newPrincipal, action);
            }
        });
    });
    allowed.streamActions().forEach(action -> {
        allowed.getPrincipalsAllowedAll(action).stream().filter(this::isUpgradable).forEach(principal -> {
            // Disable the old entry for any principal that is neither a UsernamePrincipal nor a Group.
            if (!(principal instanceof UsernamePrincipal || principal instanceof Group)) {
                allowed.disable(new RemovedPrincipal(principal), action);
            }
        });
    });
}
Also used : UsernamePrincipal(com.thinkbiganalytics.security.UsernamePrincipal) Group(java.security.acl.Group) UserGroup(com.thinkbiganalytics.metadata.api.user.UserGroup) GroupPrincipal(com.thinkbiganalytics.security.GroupPrincipal)

Aggregations

UsernamePrincipal (com.thinkbiganalytics.security.UsernamePrincipal) 20
GroupPrincipal (com.thinkbiganalytics.security.GroupPrincipal) 9
Principal (java.security.Principal) 5
Subject (javax.security.auth.Subject) 5
Project (com.thinkbiganalytics.metadata.api.project.Project) 3
JcrProject (com.thinkbiganalytics.metadata.modeshape.project.JcrProject) 3
NameCallback (javax.security.auth.callback.NameCallback) 3
PasswordCallback (javax.security.auth.callback.PasswordCallback) 3
MetadataRepositoryException (com.thinkbiganalytics.metadata.modeshape.MetadataRepositoryException) 2
JcrAllowedActions (com.thinkbiganalytics.metadata.modeshape.security.action.JcrAllowedActions) 2
SecurityRole (com.thinkbiganalytics.security.role.SecurityRole) 2
List (java.util.List) 2
Node (javax.jcr.Node) 2
RepositoryException (javax.jcr.RepositoryException) 2
Session (javax.jcr.Session) 2
Test (org.testng.annotations.Test) 2
ImmutableSet (com.google.common.collect.ImmutableSet) 1
Sets (com.google.common.collect.Sets) 1
MetadataException (com.thinkbiganalytics.metadata.api.MetadataException) 1
OpsManagerFeed (com.thinkbiganalytics.metadata.api.feed.OpsManagerFeed) 1