Example 31 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class InternalAccessEnforcerTest method testInternalAccessEnforceOnParentSuccess.

@Test
public void testInternalAccessEnforceOnParentSuccess() throws IOException {
    NamespaceId ns = new NamespaceId("namespace");
    long currentTime = System.currentTimeMillis();
    UserIdentity userIdentity = new UserIdentity(SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTime, currentTime + 5 * MINUTE_MILLIS);
    String encodedIdentity = Base64.getEncoder().encodeToString(accessTokenCodec.encode(tokenManager.signIdentifier(userIdentity)));
    Credential credential = new Credential(encodedIdentity, Credential.CredentialType.INTERNAL);
    Principal principal = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, credential);
    internalAccessEnforcer.enforceOnParent(EntityType.APPLICATION, ns, principal, StandardPermission.GET);
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) NamespaceId(io.cdap.cdap.proto.id.NamespaceId) Principal(io.cdap.cdap.proto.security.Principal) Test(org.junit.Test)

Example 32 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class AuthenticationContextModules method loadRemoteCredentials.

private Credential loadRemoteCredentials(CConfiguration cConf) {
    Path secretFile = Paths.get(Constants.Security.Authentication.RUNTIME_TOKEN_FILE);
    if (Files.exists(secretFile)) {
        try {
            String token = new String(Files.readAllBytes(secretFile), StandardCharsets.UTF_8);
            return new Credential(token, Credential.CredentialType.INTERNAL);
        } catch (IOException e) {
            throw new IllegalStateException("Can't read runtime token file", e);
        }
    }
    String token = cConf.get(Constants.Security.Authentication.RUNTIME_TOKEN);
    return token == null ? null : new Credential(token, Credential.CredentialType.INTERNAL);
}
Also used : Path(java.nio.file.Path) Credential(io.cdap.cdap.proto.security.Credential) IOException(java.io.IOException)

Example 33 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class AuthenticationTestContext method actAsPrincipal.

/**
 * Sets the principal for this test authentication context.
 * @param principal The principal to act as
 */
public static void actAsPrincipal(Principal principal) {
    System.setProperty(PRINCIPAL_NAME, principal.getName());
    Credential credential = principal.getFullCredential();
    if (credential != null) {
        System.setProperty(PRINCIPAL_CREDENTIAL_TYPE, credential.getType().name());
        System.setProperty(PRINCIPAL_CREDENTIAL_VALUE, credential.getValue());
    }
}
Also used : Credential(io.cdap.cdap.proto.security.Credential)

Example 34 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class MasterAuthenticationContext method getPrincipal.

@Override
public Principal getPrincipal() {
    // When requests come in via rest endpoints, the userId is updated inside SecurityRequestContext, so give that
    // precedence.
    String userId = SecurityRequestContext.getUserId();
    Credential userCredential = SecurityRequestContext.getUserCredential();
    // If no userId was set in SecurityRequestContext, fall back to the UserGroupInformation, which will be the
    // user that the master is running as.
    if (userId == null) {
        try {
            userId = UserGroupInformation.getCurrentUser().getShortUserName();
        } catch (IOException e) {
            throw Throwables.propagate(e);
        }
    }
    return new Principal(userId, Principal.PrincipalType.USER, userCredential);
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) IOException(java.io.IOException) Principal(io.cdap.cdap.proto.security.Principal)

Example 35 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class WorkerAuthenticationContext method getPrincipal.

/**
 * Return {@link Principal} associated with current request stored in {@link SecurityRequestContext}.
 * Typically, there is always a {@link Principal} as worker normally performs some operations on behalf of
 * end user, thus the {@link Principal} should capture the credential of end user. But when there is none,
 * use placeholder values to construct the {@link Principal}.
 */
@Override
public Principal getPrincipal() {
    // By default, assume the principal comes from a user request and handle accordingly using SecurityRequestContext.
    String userId = SecurityRequestContext.getUserId();
    Credential userCredential = SecurityRequestContext.getUserCredential();
    if (userId != null && userCredential != null) {
        return new Principal(userId, Principal.PrincipalType.USER, userCredential);
    }
    return EMPTY_PRINCIPAL;
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) Principal(io.cdap.cdap.proto.security.Principal)

Aggregations

Credential (io.cdap.cdap.proto.security.Credential) 79
Principal (io.cdap.cdap.proto.security.Principal) 58
Test (org.junit.Test) 53
NamespaceId (io.cdap.cdap.proto.id.NamespaceId) 32
UserIdentity (io.cdap.cdap.security.auth.UserIdentity) 26
EntityId (io.cdap.cdap.proto.id.EntityId) 12
AccessController (io.cdap.cdap.security.spi.authorization.AccessController) 10
NoOpAccessController (io.cdap.cdap.security.spi.authorization.NoOpAccessController) 10
TinkCipher (io.cdap.cdap.security.auth.TinkCipher) 8
CConfiguration (io.cdap.cdap.common.conf.CConfiguration) 6
SConfiguration (io.cdap.cdap.common.conf.SConfiguration) 6
HttpHeaders (io.netty.handler.codec.http.HttpHeaders) 6
IOException (java.io.IOException) 6
HttpURLConnection (java.net.HttpURLConnection) 6
ArtifactSummary (io.cdap.cdap.api.artifact.ArtifactSummary) 4
PreviewRequest (io.cdap.cdap.app.preview.PreviewRequest) 4
RemoteClient (io.cdap.cdap.common.internal.remote.RemoteClient) 4
RemoteClientFactory (io.cdap.cdap.common.internal.remote.RemoteClientFactory) 4
AppRequest (io.cdap.cdap.proto.artifact.AppRequest) 4
PreviewConfig (io.cdap.cdap.proto.artifact.preview.PreviewConfig) 4