use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
Class GrantAccessToken, method grantToken.
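/**
 * Issues a signed access token for the already-authenticated caller and writes it to the
 * response as a JSON document.
 *
 * <p>The caller's name is taken from {@code request.getUserPrincipal()}, so this method must only
 * run after authentication has succeeded. The identifier is signed via {@code tokenManager}; the
 * signature is what lets downstream services verify the token without contacting this server.
 *
 * @param request       the authenticated request; its user principal supplies the token subject
 * @param response      the response that receives the JSON body and the no-cache headers
 * @param tokenValidity lifetime of the token in milliseconds, measured from now
 * @throws IOException      if writing the response body fails
 * @throws ServletException kept for signature compatibility with the calling servlet code
 */
private void grantToken(HttpServletRequest request, HttpServletResponse response, long tokenValidity)
    throws IOException, ServletException {
  String username = request.getUserPrincipal().getName();
  List<String> userGroups = Collections.emptyList();
  long issueTime = System.currentTimeMillis();
  long expireTime = issueTime + tokenValidity;
  // Create and sign a new identifier to generate the AccessToken.
  UserIdentity tokenIdentifier =
      new UserIdentity(username, UserIdentity.IdentifierType.EXTERNAL, userGroups, issueTime, expireTime);
  AccessToken token = tokenManager.signIdentifier(tokenIdentifier);
  // Only the username is logged; the token itself is a credential and must not reach the log.
  LOG.debug("Issued token for user {}", username);
  // Status and headers go first: once the body is written and the response is committed, later
  // calls to setStatus/setContentType/addHeader are ignored by the container.
  response.setStatus(HttpServletResponse.SC_OK);
  response.setContentType("application/json;charset=UTF-8");
  // The body carries a bearer credential, so it must not be cached by proxies or browsers.
  response.addHeader(HttpHeaderNames.CACHE_CONTROL.toString(), "no-store");
  response.addHeader(HttpHeaderNames.PRAGMA.toString(), "no-cache");
  // Build the response body.
  JsonObject json = new JsonObject();
  String encodedIdentifier = Base64.getEncoder().encodeToString(tokenCodec.encode(token));
  json.addProperty(ExternalAuthenticationServer.ResponseFields.ACCESS_TOKEN, encodedIdentifier);
  json.addProperty(ExternalAuthenticationServer.ResponseFields.TOKEN_TYPE,
                   ExternalAuthenticationServer.ResponseFields.TOKEN_TYPE_BODY);
  json.addProperty(ExternalAuthenticationServer.ResponseFields.EXPIRES_IN,
                   TimeUnit.SECONDS.convert(tokenValidity, TimeUnit.MILLISECONDS));
  // Write explicit UTF-8 bytes so the declared charset actually holds; ServletOutputStream.print(String)
  // does not honour the response charset and rejects characters outside ISO-8859-1.
  response.getOutputStream().write(json.toString().getBytes(Charsets.UTF_8));
}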
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
Class InternalAccessEnforcerTest, method testInternalAccessEnforceNonInternalTokenType.
/**
 * A correctly signed, unexpired identity whose identifier type is EXTERNAL must be rejected by
 * {@code enforce}, even when it is presented inside an INTERNAL credential.
 */
@Test(expected = AccessException.class)
public void testInternalAccessEnforceNonInternalTokenType() throws IOException {
  long now = System.currentTimeMillis();
  long expiry = now + 5 * MINUTE_MILLIS;
  // Lifetime is valid; only the identifier type is wrong for the internal enforcer.
  UserIdentity externalIdentity = new UserIdentity(
      SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.EXTERNAL, Collections.emptyList(), now, expiry);
  byte[] rawToken = accessTokenCodec.encode(tokenManager.signIdentifier(externalIdentity));
  String encoded = Base64.getEncoder().encodeToString(rawToken);
  Credential internalCredential = new Credential(encoded, Credential.CredentialType.INTERNAL);
  Principal caller = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, internalCredential);
  internalAccessEnforcer.enforce(new NamespaceId("namespace"), caller, StandardPermission.GET);
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
Class InternalAccessEnforcerTest, method testInternalAccessEnforceExpiredCredential.
/**
 * An INTERNAL identity whose expiry lies in the past must be rejected by {@code enforce}
 * even though its signature is valid.
 */
@Test(expected = AccessException.class)
public void testInternalAccessEnforceExpiredCredential() throws IOException {
  long now = System.currentTimeMillis();
  // Issued ten minutes ago, expired five minutes ago.
  long issuedAt = now - 10 * MINUTE_MILLIS;
  long expiredAt = now - 5 * MINUTE_MILLIS;
  UserIdentity staleIdentity = new UserIdentity(
      SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), issuedAt, expiredAt);
  byte[] rawToken = accessTokenCodec.encode(tokenManager.signIdentifier(staleIdentity));
  String encoded = Base64.getEncoder().encodeToString(rawToken);
  Credential internalCredential = new Credential(encoded, Credential.CredentialType.INTERNAL);
  Principal caller = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, internalCredential);
  internalAccessEnforcer.enforce(new NamespaceId("namespace"), caller, StandardPermission.GET);
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
Class InternalAccessEnforcerTest, method testInternalAccessEnforceOnParentExpiredCredential.
/**
 * {@code enforceOnParent} must apply the same expiry check as {@code enforce}: an INTERNAL
 * identity that expired in the past is rejected regardless of its valid signature.
 */
@Test(expected = AccessException.class)
public void testInternalAccessEnforceOnParentExpiredCredential() throws IOException {
  long now = System.currentTimeMillis();
  // Issued ten minutes ago, expired five minutes ago.
  long issuedAt = now - 10 * MINUTE_MILLIS;
  long expiredAt = now - 5 * MINUTE_MILLIS;
  UserIdentity staleIdentity = new UserIdentity(
      SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.INTERNAL, Collections.emptyList(), issuedAt, expiredAt);
  byte[] rawToken = accessTokenCodec.encode(tokenManager.signIdentifier(staleIdentity));
  String encoded = Base64.getEncoder().encodeToString(rawToken);
  Credential internalCredential = new Credential(encoded, Credential.CredentialType.INTERNAL);
  Principal caller = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, internalCredential);
  internalAccessEnforcer.enforceOnParent(
      EntityType.APPLICATION, new NamespaceId("namespace"), caller, StandardPermission.GET);
}
use of io.cdap.cdap.security.auth.UserIdentity in project cdap by caskdata.
Class InternalAccessEnforcerTest, method testInternalAccessIsVisibleNonInternalTokenType.
/**
 * {@code isVisible} must return no entities for a correctly signed, unexpired identity whose
 * identifier type is EXTERNAL, even when it is wrapped in an INTERNAL credential.
 */
@Test
public void testInternalAccessIsVisibleNonInternalTokenType() throws IOException {
  NamespaceId ns = new NamespaceId("namespace");
  long now = System.currentTimeMillis();
  long expiry = now + 5 * MINUTE_MILLIS;
  // Lifetime is valid; only the identifier type is wrong for the internal enforcer.
  UserIdentity externalIdentity = new UserIdentity(
      SYSTEM_PRINCIPAL, UserIdentity.IdentifierType.EXTERNAL, Collections.emptyList(), now, expiry);
  byte[] rawToken = accessTokenCodec.encode(tokenManager.signIdentifier(externalIdentity));
  String encoded = Base64.getEncoder().encodeToString(rawToken);
  Credential internalCredential = new Credential(encoded, Credential.CredentialType.INTERNAL);
  Principal caller = new Principal(SYSTEM_PRINCIPAL, Principal.PrincipalType.USER, null, internalCredential);
  Set<EntityId> requested = Collections.singleton(ns);
  Set<EntityId> visible = internalAccessEnforcer.isVisible(requested, caller);
  Assert.assertEquals(Collections.emptySet(), visible);
}