Example 36 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class GCPRemoteAuthenticatorTest method testRemoteAuthenticatorRefreshesExpiredAccessToken.

@Test
public void testRemoteAuthenticatorRefreshesExpiredAccessToken() throws Exception {
    String expiredAccessTokenValue = "expired-access-token";
    String accessTokenValue = "access-token";
    // This is just an arbitrary fixed point in time.
    Instant fixedInstant = Instant.ofEpochSecond(1646358109);
    Clock fixedClock = Clock.fixed(fixedInstant, ZoneId.systemDefault());
    GoogleCredentials mockGoogleCredentials = mock(GoogleCredentials.class);
    AccessToken expiredAccessToken = new AccessToken(expiredAccessTokenValue, Date.from(fixedInstant.minus(Duration.ofHours(1))));
    AccessToken accessToken = new AccessToken(accessTokenValue, Date.from(fixedInstant.plus(Duration.ofHours(1))));
    when(mockGoogleCredentials.refreshAccessToken()).thenReturn(accessToken);
    GCPRemoteAuthenticator gcpRemoteAuthenticator = new GCPRemoteAuthenticator(mockGoogleCredentials, fixedClock, expiredAccessToken);
    // Verify expected credential value and that refresh was called exactly once.
    Credential credential = gcpRemoteAuthenticator.getCredentials();
    Assert.assertEquals(accessTokenValue, credential.getValue());
    verify(mockGoogleCredentials, times(1)).refreshAccessToken();
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) AccessToken(com.google.auth.oauth2.AccessToken) Instant(java.time.Instant) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Clock(java.time.Clock) Test(org.junit.Test)

Example 37 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by cdapio.

the class GCPRemoteAuthenticatorTest method testRemoteAuthenticatorRefreshesNullAccessToken.

@Test
public void testRemoteAuthenticatorRefreshesNullAccessToken() throws Exception {
    String accessTokenValue = "access-token";
    // This is just an arbitrary fixed point in time.
    Instant fixedInstant = Instant.ofEpochSecond(1646358109);
    Clock fixedClock = Clock.fixed(fixedInstant, ZoneId.systemDefault());
    GoogleCredentials mockGoogleCredentials = mock(GoogleCredentials.class);
    AccessToken accessToken = new AccessToken(accessTokenValue, Date.from(fixedInstant.plus(Duration.ofHours(1))));
    when(mockGoogleCredentials.refreshAccessToken()).thenReturn(accessToken);
    GCPRemoteAuthenticator gcpRemoteAuthenticator = new GCPRemoteAuthenticator(mockGoogleCredentials, fixedClock, null);
    // Verify expected credential value and that refresh was called exactly once.
    Credential credential = gcpRemoteAuthenticator.getCredentials();
    Assert.assertEquals(accessTokenValue, credential.getValue());
    verify(mockGoogleCredentials, times(1)).refreshAccessToken();
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) AccessToken(com.google.auth.oauth2.AccessToken) Instant(java.time.Instant) GoogleCredentials(com.google.auth.oauth2.GoogleCredentials) Clock(java.time.Clock) Test(org.junit.Test)
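The two tests above pin down the contract a clock-driven authenticator has to meet: with an expired token or no token at all, one call to getCredentials() triggers exactly one refresh and returns the new value. The following is an added, self-contained illustration of that pattern written for this page; it is not CDAP's GCPRemoteAuthenticator and does not use Mockito or the Google auth library. The RefreshingTokenCache, Token and TokenSource names are hypothetical stand-ins. It goes slightly beyond the tests by also refreshing a token that is about to expire within a configurable margin, and by rejecting a refresh that hands back an already-expired token, since caching that would make every subsequent call fail.

```java
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.Objects;

/**
 * Illustrative clock-driven token cache (hypothetical; not CDAP code).
 * A token is (re)fetched when none is cached, when it has expired, or when it
 * will expire within refreshMargin, so a caller never receives a token that is
 * dead by the time its request reaches the server.
 */
public final class RefreshingTokenCache {

    /** Minimal stand-in for an OAuth2 access token: opaque value plus expiry. */
    public static final class Token {
        public final String value;
        public final Instant expiresAt;

        public Token(String value, Instant expiresAt) {
            this.value = Objects.requireNonNull(value);
            this.expiresAt = Objects.requireNonNull(expiresAt);
        }
    }

    /** Source of fresh tokens; in production this would wrap a credentials client. */
    @FunctionalInterface
    public interface TokenSource {
        Token refresh() throws Exception;
    }

    private final TokenSource source;
    private final Clock clock;          // injected so tests can freeze time
    private final Duration refreshMargin;
    private Token cached;               // may be null until the first refresh

    public RefreshingTokenCache(TokenSource source, Clock clock, Duration refreshMargin, Token initial) {
        this.source = Objects.requireNonNull(source);
        this.clock = Objects.requireNonNull(clock);
        this.refreshMargin = Objects.requireNonNull(refreshMargin);
        this.cached = initial;
    }

    /**
     * Returns a token valid for at least refreshMargin from now, refreshing at most
     * once per call. Synchronized so concurrent callers cannot trigger duplicate
     * refreshes against the token endpoint.
     */
    public synchronized Token get() throws Exception {
        Instant now = clock.instant();
        boolean needsRefresh = cached == null
            || !now.plus(refreshMargin).isBefore(cached.expiresAt);
        if (needsRefresh) {
            Token fresh = source.refresh();
            // Do not cache a token that is already unusable; surface the problem instead.
            if (!fresh.expiresAt.isAfter(now)) {
                throw new IllegalStateException("token source returned an already-expired token");
            }
            cached = fresh;
        }
        return cached;
    }

    /** Demo with the same fixed instant the tests above use and a counting token source. */
    public static void main(String[] args) throws Exception {
        Instant t0 = Instant.ofEpochSecond(1646358109);
        Clock fixedClock = Clock.fixed(t0, ZoneOffset.UTC);
        int[] refreshCalls = {0};
        TokenSource countingSource = () -> {
            refreshCalls[0]++;
            return new Token("access-token-" + refreshCalls[0], t0.plus(Duration.ofHours(1)));
        };
        Duration margin = Duration.ofMinutes(5);

        // Expired initial token: first get() refreshes, second get() reuses the cached token.
        Token expired = new Token("expired-access-token", t0.minus(Duration.ofHours(1)));
        RefreshingTokenCache c1 = new RefreshingTokenCache(countingSource, fixedClock, margin, expired);
        System.out.println("expired  -> " + c1.get().value + ", refreshes=" + refreshCalls[0]);
        System.out.println("expired  -> " + c1.get().value + ", refreshes=" + refreshCalls[0]);

        // No initial token: behaves the same as the expired case.
        RefreshingTokenCache c2 = new RefreshingTokenCache(countingSource, fixedClock, margin, null);
        System.out.println("null     -> " + c2.get().value + ", refreshes=" + refreshCalls[0]);

        // Token that expires inside the margin is refreshed early.
        Token nearlyExpired = new Token("nearly-expired", t0.plus(Duration.ofMinutes(2)));
        RefreshingTokenCache c3 = new RefreshingTokenCache(countingSource, fixedClock, margin, nearlyExpired);
        System.out.println("near-exp -> " + c3.get().value + ", refreshes=" + refreshCalls[0]);

        // Token with an hour left is returned as is, with no refresh.
        Token valid = new Token("still-valid", t0.plus(Duration.ofHours(1)));
        RefreshingTokenCache c4 = new RefreshingTokenCache(countingSource, fixedClock, margin, valid);
        System.out.println("valid    -> " + c4.get().value + ", refreshes=" + refreshCalls[0]);
    }
}
```

The counter on the token source plays the role of Mockito's verify(times(1)) in the tests: the expired and null cases each add exactly one refresh, the near-expiry case adds one more, and the still-valid case adds none. Injecting Clock rather than calling Instant.now() is what makes the expiry branch testable without sleeping or waiting for a real token to lapse.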

Example 38 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.

the class SystemAuthenticationContext method getPrincipal.

@Override
public Principal getPrincipal() {
    // Normally userId and userCredential are either both null or both non-null.
    // When both are non-null they are either end-user or internal-user credentials and are propagated as is.
    // When both are null the request originated from the system itself, so a credential is generated
    // for the internal user below.
    //
    // It is possible for userId to be non-null while userCredential is null. This happens when we want
    // to launch a program as a userId stored in the program options' system args: the user credential
    // is currently not stored there, so we cannot launch the program as the targeted user and instead run it
    // under the system's internal identity. We rely on authorization having been performed at the HTTP
    // handler level when the request was received.
    String userId = SecurityRequestContext.getUserId();
    Credential userCredential = SecurityRequestContext.getUserCredential();
    if (userId != null && userCredential != null) {
        return new Principal(userId, Principal.PrincipalType.USER, userCredential);
    } else if (userId != null && userCredential == null) {
        LOG.warn("Unexpected SecurityRequestContext state, userId = {} while userCredential = NULL", userId);
    } else if (userId == null && userCredential != null) {
        LOG.warn("Unexpected SecurityRequestContext state, userId = NULL while userCredential = {}", userCredential);
    }
    try {
        userId = UserGroupInformation.getCurrentUser().getShortUserName();
    } catch (IOException e) {
        throw Throwables.propagate(e);
    }
    long currentTimestamp = System.currentTimeMillis();
    UserIdentity identity = new UserIdentity(userId, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), currentTimestamp, currentTimestamp + DEFAULT_EXPIRATION);
    AccessToken accessToken = tokenManager.signIdentifier(identity);
    String encodedAccessToken;
    try {
        encodedAccessToken = Base64.getEncoder().encodeToString(accessTokenCodec.encode(accessToken));
        Credential credential = new Credential(encodedAccessToken, Credential.CredentialType.INTERNAL);
        return new Principal(userId, Principal.PrincipalType.USER, credential);
    } catch (IOException e) {
        throw new RuntimeException("Unexpected failure while creating internal system identity", e);
    }
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) AccessToken(io.cdap.cdap.security.auth.AccessToken) UserIdentity(io.cdap.cdap.security.auth.UserIdentity) IOException(java.io.IOException) Principal(io.cdap.cdap.proto.security.Principal)

Example 39 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.

the class AuthenticationTestContext method actAsPrincipal.

/**
 * Sets the principal for this test authentication context.
 * @param principal The principal to act as
 */
public static void actAsPrincipal(Principal principal) {
    // System properties are JVM-global, so the principal name and raw credential value set here are
    // visible to every class loaded in this test process until they are overwritten or cleared.
    System.setProperty(PRINCIPAL_NAME, principal.getName());
    Credential credential = principal.getFullCredential();
    if (credential != null) {
        System.setProperty(PRINCIPAL_CREDENTIAL_TYPE, credential.getType().name());
        System.setProperty(PRINCIPAL_CREDENTIAL_VALUE, credential.getValue());
    }
    // Note: when the principal carries no credential, credential properties left by an earlier call
    // are not cleared here.
}
Also used : Credential(io.cdap.cdap.proto.security.Credential)

Example 40 with Credential

use of io.cdap.cdap.proto.security.Credential in project cdap by caskdata.

the class WorkerAuthenticationContext method getPrincipal.

/**
 * Return {@link Principal} associated with current request stored in {@link SecurityRequestContext}.
 * Typically, there is always a {@link Principal} as worker normally performs some operations on behalf of
 * end user, thus the {@link Principal} should capture the credential of end user. But when there is none,
 * use placeholder values to construct the {@link Principal}.
 */
@Override
public Principal getPrincipal() {
    // By default, assume the principal comes from a user request and handle accordingly using SecurityRequestContext.
    String userId = SecurityRequestContext.getUserId();
    Credential userCredential = SecurityRequestContext.getUserCredential();
    if (userId != null && userCredential != null) {
        return new Principal(userId, Principal.PrincipalType.USER, userCredential);
    }
    return EMPTY_PRINCIPAL;
}
Also used : Credential(io.cdap.cdap.proto.security.Credential) Principal(io.cdap.cdap.proto.security.Principal)

Aggregations

Credential (io.cdap.cdap.proto.security.Credential) 79
Principal (io.cdap.cdap.proto.security.Principal) 58
Test (org.junit.Test) 53
NamespaceId (io.cdap.cdap.proto.id.NamespaceId) 32
UserIdentity (io.cdap.cdap.security.auth.UserIdentity) 26
EntityId (io.cdap.cdap.proto.id.EntityId) 12
AccessController (io.cdap.cdap.security.spi.authorization.AccessController) 10
NoOpAccessController (io.cdap.cdap.security.spi.authorization.NoOpAccessController) 10
TinkCipher (io.cdap.cdap.security.auth.TinkCipher) 8
CConfiguration (io.cdap.cdap.common.conf.CConfiguration) 6
SConfiguration (io.cdap.cdap.common.conf.SConfiguration) 6
HttpHeaders (io.netty.handler.codec.http.HttpHeaders) 6
IOException (java.io.IOException) 6
HttpURLConnection (java.net.HttpURLConnection) 6
ArtifactSummary (io.cdap.cdap.api.artifact.ArtifactSummary) 4
PreviewRequest (io.cdap.cdap.app.preview.PreviewRequest) 4
RemoteClient (io.cdap.cdap.common.internal.remote.RemoteClient) 4
RemoteClientFactory (io.cdap.cdap.common.internal.remote.RemoteClientFactory) 4
AppRequest (io.cdap.cdap.proto.artifact.AppRequest) 4
PreviewConfig (io.cdap.cdap.proto.artifact.preview.PreviewConfig) 4